You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Sushanth Sowmyan (JIRA)" <ji...@apache.org> on 2013/12/09 23:36:07 UTC

[jira] [Created] (HIVE-5989) Hive metastore authorization check is not threadsafe

Sushanth Sowmyan created HIVE-5989:
--------------------------------------

             Summary: Hive metastore authorization check is not threadsafe
                 Key: HIVE-5989
                 URL: https://issues.apache.org/jira/browse/HIVE-5989
             Project: Hive
          Issue Type: Bug
    Affects Versions: 0.11.0
            Reporter: Sushanth Sowmyan
            Assignee: Sushanth Sowmyan


Metastore-side authorization has a couple of pretty important threadsafety bugs in it:

a) The HiveMetastoreAuthenticated instantiated by the AuthorizationPreEventListener is static. This is a premature optimization and incorrect, as it will result in Authenticator implementations that store state potentially giving an incorrect result, and this bug very much exists with the DefaultMetastoreAuthenticator.

b) It assumes HMSHandler.getHiveConf() is itself going to be thread-safe, which it is not. HMSHandler.getConf() is the appropriate thread-safe equivalent.




--
This message was sent by Atlassian JIRA
(v6.1.4#6159)