search

prestodb / presto

The official home of the Presto distributed SQL query engine for big data
http://prestodb.io
Apache License 2.0
15.98k stars 5.36k forks source link

Presto CLI --password gets displayed when using grep to find the process in Unix #15416

Open jagan985 opened 3 years ago

jagan985 commented 3 years ago

Dear All, Currently i'm executing the view query using presto CLI command by constructing the string with username and password as well, and execute it from a JAVA JAR as bash command to LINUX server.

Code Snipet:-

String Password = enigma.decrypt(propFile.getProperty("Password")); String ptr_sec = presto_cli_path + "/presto --server " + presto_https_server + " --keystore-path " + keystore_path + " --keystore-password " + keystore_password + " --catalog " + presto_catalog + " --schema " + presto_schema + " --user " + presto_user + " -f " + queryFile + " --output-format " + outputFromat + " --password " + Password; Process p_sec = Runtime.getRuntime().exec(new String[] { "bash", "-c", ptr_sec });

When I grep the process of that specific like below, the presto string is getting displayed along with the process including the password. Please help with some options resolve this.

ps -ef | grep usename | grep presto

java -Xmx1G -jar /tableau/prestoRecon/jar//presto --server https:/<>:6078 --keystore-path /tableau/prestoRecon/jar/presto314.jks --keystore-password changeit --catalog hive --schema newuat --user username -f /CTRLFW/RRR/uat/tableau/prestoRecon/bin/rriskrep_view_cob.sql --output-format CSV --password P@ssWord123

ljluestc commented 1 year ago 
import java.util.Map;

public class PrestoCLIProcess {
    public static void main(String[] args) throws Exception {
        String password = enigma.decrypt(propFile.getProperty("Password"));
        String ptrSec = presto_cli_path + "/presto --server " + presto_https_server + " --keystore-path " + keystore_path + " --keystore-password " + keystore_password + " --catalog " + presto_catalog + " --schema " + presto_schema + " --user " + presto_user + " -f " + queryFile + " --output-format " + outputFromat;

        // Set the Presto password as an environment variable
        ProcessBuilder processBuilder = new ProcessBuilder("bash", "-c", ptrSec);
        Map<String, String> environment = processBuilder.environment();
        environment.put("PRESTO_PASSWORD", password);

        Process pSec = processBuilder.start();
        pSec.waitFor();
    }
}

Now, when you run the Presto CLI process, you can access the password in your script using the PRESTO_PASSWORD environment variable.