You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Sushanth Sowmyan (JIRA)" <ji...@apache.org> on 2013/12/09 23:36:07 UTC
[jira] [Created] (HIVE-5989) Hive metastore authorization check is
not threadsafe
Sushanth Sowmyan created HIVE-5989:
--------------------------------------
Summary: Hive metastore authorization check is not threadsafe
Key: HIVE-5989
URL: https://issues.apache.org/jira/browse/HIVE-5989
Project: Hive
Issue Type: Bug
Affects Versions: 0.11.0
Reporter: Sushanth Sowmyan
Assignee: Sushanth Sowmyan
Metastore-side authorization has a couple of pretty important threadsafety bugs in it:
a) The HiveMetastoreAuthenticated instantiated by the AuthorizationPreEventListener is static. This is a premature optimization and incorrect, as it will result in Authenticator implementations that store state potentially giving an incorrect result, and this bug very much exists with the DefaultMetastoreAuthenticator.
b) It assumes HMSHandler.getHiveConf() is itself going to be thread-safe, which it is not. HMSHandler.getConf() is the appropriate thread-safe equivalent.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)