Securing the JDBC password

Secure JDBC passwords by masking query outputs and storing them in Java Keystore files. Handle case-sensitive column names with column mapping.

The dbcp.password table property stores the JDBC password in clear text. To avoid the risk of a password leak, the SHOW CREATE TABLE and DESCRIBE FORMATTED | EXTENDED <table-name> statements mask the value of the dbcp.password table property in their outputs.

In production environments, it is recommended that you do not store the JDBC password in clear text using the dbcp.password table property. Instead, you can store the password in a Java Keystore file on HDFS or on cloud storage like Amazon S3 using the following command:

Creating a Java keystore file on HDFS with the key as "host1.password" and password as "passwd1":
```
hadoop credential create host1.password -provider
jceks://hdfs/user/foo/test.jceks -v passwd1
```
Creating a Java keystore file on Amazon S3 with the key as "impala" and password as "passwd2":
```
hadoop credential create impala -provider
jceks://s3a@dw-impala-test/jceks/demo.jceks -v passwd2
```

For more information, see the Apache Hadoop CredentialProvider APIs guide.

Support for case-sensitive table and column names

The column names of tables in the remote database can be different from the external JDBC table schema. For example, Postgres allows case-sensitive column names, however, Impala saves column names in lowercase. In such situations, you can set the column.mapping table property to map column names between Impala external JDBC tables and the remote tables.

Example:

"column.mapping"="id=id, bool_col=Bool_col, tinyint_col=Tinyint_col,
smallint_col=Smallint_col, int_col=Int_col, bigint_col=Bigint_col,
float_col=Float_col, double_col=Double_col, date_col=date_col,
string_col=String_col, timestamp=Timestamp");