hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas M Nair (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-17606) Improve security for DB notification related APIs
Date Thu, 28 Sep 2017 19:00:05 GMT

    [ https://issues.apache.org/jira/browse/HIVE-17606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16184668#comment-16184668
] 

Thejas M Nair commented on HIVE-17606:
--------------------------------------

{code}
 try {
+      rsp = metaStoreClient.getNextNotification(firstEventId, 0, null);
+      assertEquals(1, rsp.getEventsSize());
+      // Turn auth back on. That should fail the call and we do expect the exception
+      hconf.setBoolVar(HiveConf.ConfVars.METASTORE_EVENT_DB_NOTIFICATION_API_AUTH, true);
+      rsp = metaStoreClient.getNextNotification(firstEventId, 0, null);
+    } 
{code}

In above section, if the first call to metaStoreClient.getNextNotification throws an exception,
the test would still succeed. Is that right ?


> Improve security for DB notification related APIs
> -------------------------------------------------
>
>                 Key: HIVE-17606
>                 URL: https://issues.apache.org/jira/browse/HIVE-17606
>             Project: Hive
>          Issue Type: Improvement
>          Components: Metastore
>            Reporter: Tao Li
>            Assignee: Tao Li
>         Attachments: HIVE-17606.1.patch, HIVE-17606.2.patch, HIVE-17606.3.patch, HIVE-17606.4.patch,
HIVE-17606.5.patch, HIVE-17606.6.patch, HIVE-17606.7.patch, HIVE-17606.8.patch, HIVE-17606.9.patch
>
>
> The purpose is to make sure only the superusers which are specified in the proxyuser
settings can make the db notification related API calls, since this is supposed to be called
by superuser/admin instead of any end user.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message