drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Omernik <j...@omernik.com>
Subject Re: Dynamic setting of user id / password for Storage plugin
Date Thu, 09 Jun 2016 18:14:19 GMT
I think the original question is more about using the JDBC Storage Plugin
and connections to other sources. I know I've posted a few user posts
related to the security of storage plugins and the idea of passing
credentials to the back end was discussed. The challenge here from a
security perspective is A. Does Drill and the RDBMS share an authenticator?
(i.e. LDAP) if so, how can Drill pass a token to the backend to to ensure
end to end accountability without storing passwords.  This is a non-trivial
challenge in a multi-user system.

My "first step"  approach was to Storage plugins where the ability to query
these could be set within drill (using Filesystem ACLs or other
methodologies) This could allow a drill admin to setup different plugins
with different permissions and assign users there. It defeats the "end
point" (RDBMS)  accountability because unless each user got their own
plugin, there would be shared users via  abit, but that's better than the
everyone can access all the storage plugins.

This is hard in general :)

John

On Thu, Jun 9, 2016 at 1:02 PM, Chun Chang <cchang@maprtech.com> wrote:

> Yaxiong,
>
> If you still have questions after reading the docs provided by Neeraja,
> please let us know. I will be happy to help.
>
> Chun
>
> On Thu, Jun 9, 2016 at 10:40 AM, Neeraja Rentachintala <
> nrentachintala@maprtech.com> wrote:
>
> > Have you checked these docs.
> > https://drill.apache.org/docs/configuring-user-authentication/
> >
> > On Thu, Jun 9, 2016 at 8:05 AM, Lin, Yaxiong <lin.yaxiong@mayo.edu>
> wrote:
> >
> > > Hi,
> > >
> > > I am evaluating Drills as the query service for our analytics
> > applications
> > > to access various data sources and it seems to fill the needs very
> well.
> > > However I have one concern/question that I could not find the answer
> from
> > > Drill’s website or on google.
> > >
> > > My question/concern is that from what I’ve read, the storage plugin
> > > configuration requires static user id and password set in the
> > configuration
> > > which storage plugin will use to connect to the backend data
> > > source/database. I need Drill client to pass the user id and password
> at
> > > query submission to storage plugin (e.g. RDMBS) and have storage plugin
> > use
> > > that to connect to the back end data source/database.  Obviously each
> > > client has his/her own set of user id and password for each data
> > > source/database.  Is there anyway that I can achieve this?
> > >
> > > Thanks.
> > >
> > > Yaxiong Lin
> > > Mayo Clinic
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message