sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lenni Kuff (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-1087) Capture URI when using Hive Serdes
Date Tue, 01 Mar 2016 23:40:18 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15174637#comment-15174637
] 

Lenni Kuff commented on SENTRY-1087:
------------------------------------

Thanks for updating the patch. A few additional comments:

* getSerdeURI() - It's strange that this returns void. Should this be called setSerdeURI()
? Can you also comment someplace what a null serDe URI means (seems like it means we skip
the authorization checks).
* nit: can separate the check for serdeURIPrivilegesEnabled from the if statement in getSerdeURI()?
For example:

   if (!serdeURIPrivilegesEnabled) return; 

   if (...)

* startsWith(..) - Can you rename this to something more meaningful? Maybe hasPrefixMatch()?

* Since the checks are at done on the package namespace level, what's stopping someone from
bypassing security checks by adding a JAR with the same namespace? For example: org.apache.hadoop.hive.serde2.UserSerDe?

> Capture URI when using Hive Serdes
> ----------------------------------
>
>                 Key: SENTRY-1087
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1087
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>            Reporter: Hao Hao
>            Assignee: Hao Hao
>            Priority: Critical
>         Attachments: SENTRY-1087.0.patch, SENTRY-1087.1.patch, SENTRY-1087.2.patch, SENTRY-1087.3.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message