You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@atlas.apache.org by "Chiran Ravani (JIRA)" <ji...@apache.org> on 2019/03/20 13:27:00 UTC

[jira] [Created] (ATLAS-3085) Capturing Hive DMLs through HiveHook can expose sensitive data

Chiran Ravani created ATLAS-3085:
------------------------------------

             Summary: Capturing Hive DMLs through HiveHook can expose sensitive data
                 Key: ATLAS-3085
                 URL: https://issues.apache.org/jira/browse/ATLAS-3085
             Project: Atlas
          Issue Type: Bug
          Components:  atlas-core
    Affects Versions: 1.1.0
            Reporter: Chiran Ravani


When Atlas HiveHook is enabled, it captures DML statements which can have sensitive data and the entity is created under type hive_process with the name as DML Statement itself.

Steps to reproduce:
{code:java}
CREATE TABLE test_hive_atlas
(SSIN int,
name string)
CLUSTERED BY (SSIN) INTO 3 BUCKETS STORED AS ORC TBLPROPERTIES('transactional'='true');

set hive.txn.manager=org.apache.hadoop.hive.ql.lockmgr.DbTxnManager;
set hive.support.concurrency=true;
set hive.enforce.bucketing=true;
set hive.exec.dynamic.partition.mode=nonstrict;
set hive.txn.strict.locking.mode=true;

insert into test_hive_atlas(12398431, 'Name1');
insert into test_hive_atlas values(342198432, 'Name2');{code}
 

After running the above statements, an entity is created in atlas under hive_process with its name as insert statement, a configuration to disable DMLs for HiveHook will help.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)