Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-3719

Improve HiveServer to support username/password authentication

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.9.0
    • None
    • Authentication, JDBC

    Description

      The current HiveServer implementation (call it HiveServer version 1 to distinguish it from HIveServer2 that is under development currently) does not have any authentication mechanism against connecting clients, which means anyone can access it, e.g. through Hive JDBC driver, without any security control. The user and password property are simply ignored by Hive JDBC driver and never get to HiveServer1.

      It would be good to introduce authentication infrastructure to HiveServer 1, and improve JDBC driver implementation as well to support this, so that together with the existing authorization infrastructure, for applications that want to access HiveServer1 via JDBC driver, connections and operations are under security control.

      Although there's HiveServer2 that has been under implementation for a while, this improvement for HiveServer1 is very necessary to fill the big security hole, and would benefit applications a lot that are using HiveServer1.

      Attachments

        1. HIVE-3719.patch
          95 kB
          Yu Gao

        Issue Links

          requires

          Task - A task that needs to be done. HADOOP-9083 Port HADOOP-9020 Add a SASL PLAIN server to branch 1

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              crystal_gaoyu Yu Gao
              crystal_gaoyu Yu Gao
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: