hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lefty Leverenz (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-14966) JDBC: Make cookie-auth work in HTTP mode
Date Sun, 16 Oct 2016 01:40:20 GMT

    [ https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15579088#comment-15579088
] 

Lefty Leverenz commented on HIVE-14966:
---------------------------------------

Does this need to be documented in the wiki?  If so, where?

* [Setting Up HiveServer2 -- Running in HTTP Mode | https://cwiki.apache.org/confluence/display/Hive/Setting+Up+HiveServer2#SettingUpHiveServer2-RunninginHTTPMode]
* [HiveServer2 Clients -- Supporting Cookie Replay in HTTP Mode | https://cwiki.apache.org/confluence/display/Hive/HiveServer2+Clients#HiveServer2Clients-SupportingCookieReplayinHTTPMode]

Adding a TODOC2.2 label because (at least) the wiki needs to be updated for the deprecation
of *hive.server2.thrift.http.cookie.is.secure*.

* [Configuration Properties -- hive.server2.thrift.http.cookie.is.secure | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.server2.thrift.http.cookie.is.secure]

> JDBC: Make cookie-auth work in HTTP mode
> ----------------------------------------
>
>                 Key: HIVE-14966
>                 URL: https://issues.apache.org/jira/browse/HIVE-14966
>             Project: Hive
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions: 1.2.1, 2.1.0
>            Reporter: Gopal V
>            Assignee: Gopal V
>              Labels: TODOC2.2
>             Fix For: 2.2.0
>
>         Attachments: HIVE-14966.1.patch, HIVE-14966.2.patch
>
>
> HiveServer2 cookie-auth is non-functional and forces authentication to be repeated for
the status check loop, row fetch loop and the get logs loop.
> The repeated auth in the fetch-loop is a performance issue, but is also causing occasional
DoS responses from the remote auth-backend if this is not using local /etc/passwd.
> The HTTP-Cookie auth once made functional will behave similarly to the binary protocol,
authenticating exactly once per JDBC session and not causing further load on the authentication
backend irrespective how many rows are returned from the JDBC request.
> This due to the fact that the cookies are not sent out with matching flags for SSL usage.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message