You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Xinli Shang (JIRA)" <ji...@apache.org> on 2019/06/07 16:22:00 UTC

[jira] [Updated] (HIVE-21849) Carry over encryption table property to derived tables

     [ https://issues.apache.org/jira/browse/HIVE-21849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xinli Shang updated HIVE-21849:
-------------------------------
    Description: 
HIVE-21848 proposed to have a set of table properties to configure the ORC and Parquet encryption. In the scenario of CTLT and CTAS, the new table needs to have the same encryption table properties because they have the same type of sensitive data.

Furthermore, in the situation like 'insert into', if the source table has encrypted sensitive data but the destination doesn't have corresponding table property to define the encryption, then destination table will keep it as plaintext and hence leaks sensitive data. 

The fix is to carry over table properties for those selected columns from the source table to the destination table. 

The code change is working as a prototype.  I will share it out later after HIVE-21848 has an agreement in the community.

  was:
HIVE-21848 proposed to have a set of table properties to configure the ORC and Parquet encryption. In the scenario of CTLT and CTAS, the new table needs to have the same encryption table properties because they have the same type of sensitive data.

Furthermore, in the situation like 'insert into', if the source table has encrypted sensitive data but the destination doesn't have corresponding table property to define the encryption, then destination table will keep it as plaintext and hence leaks sensitive data. 

The code change is working as a prototype.  I will share it out later after HIVE-21848 has an agreement in the community.


> Carry over encryption table property to derived tables  
> --------------------------------------------------------
>
>                 Key: HIVE-21849
>                 URL: https://issues.apache.org/jira/browse/HIVE-21849
>             Project: Hive
>          Issue Type: Task
>          Components: HiveServer2
>    Affects Versions: 3.0.1
>            Reporter: Xinli Shang
>            Assignee: Xinli Shang
>            Priority: Major
>             Fix For: 3.0.1
>
>
> HIVE-21848 proposed to have a set of table properties to configure the ORC and Parquet encryption. In the scenario of CTLT and CTAS, the new table needs to have the same encryption table properties because they have the same type of sensitive data.
> Furthermore, in the situation like 'insert into', if the source table has encrypted sensitive data but the destination doesn't have corresponding table property to define the encryption, then destination table will keep it as plaintext and hence leaks sensitive data. 
> The fix is to carry over table properties for those selected columns from the source table to the destination table. 
> The code change is working as a prototype.  I will share it out later after HIVE-21848 has an agreement in the community.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)