drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Venki Korukanti <venki.koruka...@gmail.com>
Subject Re: User Authentication patch: question with regards to UserCredentials versus properties.
Date Tue, 07 Apr 2015 05:44:17 GMT
Currently we add UserCredentials to every PlanFragment we generate as part
of the query. PlanFragments are distributed across the Drillbits in
cluster. Adding password to UserCredentials will expose the password to all
Drillbits beyond the Drillbit where the UserSession is. This is main reason
I didn't want to add password to UserCredentials for now. In future if we
want to securely identify PlanFragment, we can make use of other methods
such as delegation token.

Adding the password to Properties list is not something Drill introduced.
JDBC already gets the username and password are through Properties which
become part of UserSession at connected Drillbit. We currently get username
property in UserCredentials object from Properties we got from JDBC.

Thanks
Venki



On Mon, Apr 6, 2015 at 10:02 PM, Jacques Nadeau <jacques@apache.org> wrote:

> Hey Venki et al,
>
> I just saw that DRILL-2674 went in.  It looks like we're handling the
> password field as a general property.  The intention of the UserCredentials
> object is that it would be expanded to support the other fields that were
> required as part of user credentials (beyond just username).  Was there a
> reason that you decided to use a general property rather than expanding the
> credential object to specifically hold the password?
>
> thx
> Jacques
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message