Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password is exposed in EXPLAIN VIRTUAL for ORA connections #83

Closed
snehlsen opened this issue Feb 14, 2019 · 1 comment
Closed

Password is exposed in EXPLAIN VIRTUAL for ORA connections #83

snehlsen opened this issue Feb 14, 2019 · 1 comment
Assignees
@snehlsen
Labels
bug Unwanted / harmful behavior

Comments

@snehlsen
Copy link
Contributor

snehlsen commented Feb 14, 2019
edited

If a connection is used in a Virtual Schema that stores username and password, this information should not be exposed in the resulting pushdown SQL. This works fine for JDBC connections, but not for the special ORA connections:

create connection ora_connection to '(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=myhost)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=orautf8)))' user 'foo' identified by 'bar';

create virtual schema oravs using adapter.jdbc_adapter
with connection_name = 'ora_jdbc_connection' 
sql_dialect='ORACLE' schema_name = 'LOADER' 
IMPORT_FROM_ORA = 'true'
ORA_CONNECTION_NAME = 'ora_connection';

Execution of explain virtual select x from oravs.t; returns the pushdown:
IMPORT FROM ORA AT ora_connection USER 'foo' IDENTIFIED BY 'bar' STATEMENT 'SELECT * FROM "LS"."T"'
@snehlsen snehlsen added the bug Unwanted / harmful behavior label Feb 14, 2019
@snehlsen snehlsen changed the title Password is exposed for EXA and ORA connections Password is exposed in EXPLAIN VIRTUAL for EXA and ORA connections Feb 14, 2019
snehlsen added a commit that referenced this issue Feb 21, 2019
@snehlsen
#83 only add username/password to pushdown sql if no connection is sp…
864cc6c 
…ecified
snehlsen added a commit that referenced this issue Feb 22, 2019
@snehlsen
#83 fixed pushdown import sql for EXA connections
522b43a
snehlsen added a commit that referenced this issue Feb 22, 2019
@snehlsen
#83 added integration test for EXA and JDBC IMPORT pushdown sql
dced100
@snehlsen snehlsen changed the title Password is exposed in EXPLAIN VIRTUAL for EXA and ORA connections Password is exposed in EXPLAIN VIRTUAL for ORA connections Feb 22, 2019
@snehlsen snehlsen self-assigned this Feb 22, 2019
@snehlsen snehlsen mentioned this issue Feb 22, 2019
Merged
snehlsen added a commit that referenced this issue Feb 25, 2019
@snehlsen
#83 using StringBuilder instead of String.format
43346e5
snehlsen added a commit that referenced this issue Feb 25, 2019
@snehlsen
#83 renamed userSpecifiedConnection to isUserSpecifiedConnection
3a96586
snehlsen added a commit that referenced this issue Feb 26, 2019
@snehlsen
#83 split testmethod, added final
c23ccf0
snehlsen added a commit that referenced this issue Feb 26, 2019
@snehlsen
#83 added builder for creating connections
9ef0f38
snehlsen added a commit that referenced this issue Feb 26, 2019
@snehlsen
#83 added final
388049a
snehlsen added a commit that referenced this issue Feb 26, 2019
@snehlsen
#83 moved test properties to setUp to avoid duplication
8b195f8
snehlsen added a commit that referenced this issue Feb 26, 2019
@snehlsen
#83 moved test MetadataInfo to setUp to avoid duplication
a43135a
@snehlsen snehlsen mentioned this issue Feb 27, 2019
Merged
snehlsen added a commit that referenced this issue Feb 27, 2019
@snehlsen
1.5.1 (#97)
fd8bffc 
* removed common part (#82)
* fixed exposed password bug (#83)
* preparations for join pushdown
@snehlsen
Copy link
Contributor Author

Fixed in v1.5.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@snehlsen snehlsen

Labels
bug Unwanted / harmful behavior
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@snehlsen