[ https://issues.apache.org/jira/browse/MAPREDUCE-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12727630#action_12727630 ]
Aaron Kimball commented on MAPREDUCE-710:
-----------------------------------------

This patch adds a {{\-P}} flag which prompts for password on the console using java.io.Console.readPassword().

It also changes the mysqldump logic to write a user-readable-only file containing the password and use that instead of {{\-\-password}} on the command-line, which is insecure. Since mysqldump reads its password directly from the console, not from stdin, it is impossible to "directly" feed the password to mysqldump. Thus the user-only file is the means I've chosen to transmit the password.

I have added a new test case which Hudson won't run by default, to test this behavior. Users with mysql who wish to run this test should run {{ant jar \-Dtestcase=MySQLAuthTest}} in the {{src/contrib/sqoop}} directory.

> Sqoop should read and transmit passwords in a more secure manner
> ----------------------------------------------------------------
>
>                 Key: MAPREDUCE-710
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-710
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>          Components: contrib/sqoop
>            Reporter: Aaron Kimball
>            Assignee: Aaron Kimball
>         Attachments: MAPREDUCE-710.patch
>
>
> Sqoop's current support for passwords involves reading passwords from the
> command line "--password foo", which makes the password visible to other
> users via 'ps'. An invisible-console approach should be taken.
> Related, Sqoop transmits passwords to mysqldump in the same fashion, which is
> also insecure.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
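The approach described in the comment above, sketched as an added example (this is not the code from MAPREDUCE-710.patch). It assumes a POSIX filesystem, Java 11 or later, and that the file is handed to mysqldump through its {{--defaults-file}} option with a {{[client]}} section; the class name and the argument order (user, database) are hypothetical.

```java
import java.io.Console;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;

public class MysqldumpPasswordFile {
    // Builds the option-file text. Newlines are rejected because they would let the
    // "password" add further option lines; a double quote is rejected because this
    // narrow example does not encode it.
    static String optionFileText(char[] password) {
        String p = new String(password);
        if (p.contains("\n") || p.contains("\r") || p.contains("\"")) {
            throw new IllegalArgumentException("password has a character this example does not encode");
        }
        return "[client]\npassword=\"" + p.replace("\\", "\\\\") + "\"\n";
    }

    // Creates the file with mode 0600 at creation time, so there is no window in
    // which another local user can open it.
    static Path writeOwnerOnly(String text) throws IOException {
        Path f = Files.createTempFile("mysqldump-", ".cnf",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(f, text.getBytes(StandardCharsets.UTF_8));
        return f;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("no interactive console; refusing to read a password");
        }
        char[] password = console.readPassword("Enter password: "); // input is not echoed
        if (password == null) {
            throw new IllegalStateException("end of input while reading password");
        }
        Path optFile = writeOwnerOnly(optionFileText(password));
        Arrays.fill(password, '\0'); // clear the console buffer once it has been written out
        int rc;
        try {
            // --defaults-file must be the first option; the password never appears in argv,
            // so it is not visible to other users through ps.
            Process p = new ProcessBuilder("mysqldump", "--defaults-file=" + optFile,
                    "--user=" + args[0], args[1]).inheritIO().start();
            rc = p.waitFor();
        } finally {
            Files.deleteIfExists(optFile); // the file lives only as long as the dump
        }
        System.exit(rc);
    }
}
```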