[jira] [Assigned] (HIVE-11555) Beeline sends password in clear text if we miss -ssl=true flag in the connect string
[
https://issues.apache.org/jira/browse/HIVE-11555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Junjie Chen reassigned HIVE-11555:
--
Assignee: (was: Junjie Chen)
> Beeline sends password in clear text if we miss -ssl=true flag in the connect
> string
>
>
> Key: HIVE-11555
> URL: https://issues.apache.org/jira/browse/HIVE-11555
> Project: Hive
> Issue Type: Bug
> Components: Beeline
>Affects Versions: 1.2.0
>Reporter: bharath v
>
> {code}
> I used tcpdump to display the network traffic:
> [root@fe01 ~]# beeline
> Beeline version 0.13.1-cdh5.3.2 by Apache Hive
> beeline> !connect jdbc:hive2://fe01.sectest.poc:1/default
> Connecting to jdbc:hive2://fe01.sectest.poc:1/default
> Enter username for jdbc:hive2://fe01.sectest.poc:1/default: tdaranyi
> Enter password for jdbc:hive2://fe01.sectest.poc:1/default: *
> (I entered "cleartext" as the password)
> The tcpdump in a different window
> tdara...@fe01.sectest.poc:~$ sudo tcpdump -n -X -i lo port 1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
> (...)
> 10:25:16.329974 IP 192.168.32.102.54322 > 192.168.32.102.ndmp: Flags [P.],
> seq 11:35, ack 1, win 512, options [nop,nop,TS val 2412851969 ecr
> 2412851969], length 24
> 0x: 4500 004c 3dd3 4000 4006 3abc c0a8 2066 E..L=.@.@.:f
> 0x0010: c0a8 2066 d432 2710 714c 0edc b45c 9268 ...f.2'.qL...\.h
> 0x0020: 8018 0200 c25b 0101 080a 8fd1 3301 .[3.
> 0x0030: 8fd1 3301 0500 1300 7464 6172 616e ..3...tdaran
> 0x0040: 7969 0063 6c65 6172 7465 7874 yi.cleartext
> (...)
> {code}
> We rely on the user supplied configuration to decide whether to open an SSL
> socket or a Plain one. Instead we can negotiate this information from the HS2
> and connect accordingly.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Assigned] (HIVE-11555) Beeline sends password in clear text if we miss -ssl=true flag in the connect string
[
https://issues.apache.org/jira/browse/HIVE-11555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Junjie Chen reassigned HIVE-11555:
--
Assignee: Junjie Chen
> Beeline sends password in clear text if we miss -ssl=true flag in the connect
> string
>
>
> Key: HIVE-11555
> URL: https://issues.apache.org/jira/browse/HIVE-11555
> Project: Hive
> Issue Type: Bug
> Components: Beeline
>Affects Versions: 1.2.0
>Reporter: bharath v
>Assignee: Junjie Chen
>
> {code}
> I used tcpdump to display the network traffic:
> [root@fe01 ~]# beeline
> Beeline version 0.13.1-cdh5.3.2 by Apache Hive
> beeline> !connect jdbc:hive2://fe01.sectest.poc:1/default
> Connecting to jdbc:hive2://fe01.sectest.poc:1/default
> Enter username for jdbc:hive2://fe01.sectest.poc:1/default: tdaranyi
> Enter password for jdbc:hive2://fe01.sectest.poc:1/default: *
> (I entered "cleartext" as the password)
> The tcpdump in a different window
> tdara...@fe01.sectest.poc:~$ sudo tcpdump -n -X -i lo port 1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
> (...)
> 10:25:16.329974 IP 192.168.32.102.54322 > 192.168.32.102.ndmp: Flags [P.],
> seq 11:35, ack 1, win 512, options [nop,nop,TS val 2412851969 ecr
> 2412851969], length 24
> 0x: 4500 004c 3dd3 4000 4006 3abc c0a8 2066 E..L=.@.@.:f
> 0x0010: c0a8 2066 d432 2710 714c 0edc b45c 9268 ...f.2'.qL...\.h
> 0x0020: 8018 0200 c25b 0101 080a 8fd1 3301 .[3.
> 0x0030: 8fd1 3301 0500 1300 7464 6172 616e ..3...tdaran
> 0x0040: 7969 0063 6c65 6172 7465 7874 yi.cleartext
> (...)
> {code}
> We rely on the user supplied configuration to decide whether to open an SSL
> socket or a Plain one. Instead we can negotiate this information from the HS2
> and connect accordingly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
