You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Sushanth Sowmyan (JIRA)" <ji...@apache.org> on 2013/12/09 23:38:07 UTC

[jira] [Updated] (HIVE-5989) Hive metastore authorization check is not threadsafe

     [ https://issues.apache.org/jira/browse/HIVE-5989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sushanth Sowmyan updated HIVE-5989:
-----------------------------------

    Component/s: Security
                 Metastore

> Hive metastore authorization check is not threadsafe
> ----------------------------------------------------
>
>                 Key: HIVE-5989
>                 URL: https://issues.apache.org/jira/browse/HIVE-5989
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore, Security
>    Affects Versions: 0.11.0
>            Reporter: Sushanth Sowmyan
>            Assignee: Sushanth Sowmyan
>
> Metastore-side authorization has a couple of pretty important threadsafety bugs in it:
> a) The HiveMetastoreAuthenticated instantiated by the AuthorizationPreEventListener is static. This is a premature optimization and incorrect, as it will result in Authenticator implementations that store state potentially giving an incorrect result, and this bug very much exists with the DefaultMetastoreAuthenticator.
> b) It assumes HMSHandler.getHiveConf() is itself going to be thread-safe, which it is not. HMSHandler.getConf() is the appropriate thread-safe equivalent.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)