[
https://issues.apache.org/jira/browse/HIVE-4911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13717669#comment-13717669
]
Thejas M Nair commented on HIVE-4911:
-------------------------------------
[~amalakar] I added some review comments in review board link.
+1 for having a separate config flag that enables the QOP for hive server2. HS2
-> client connection is usually more vulnerable compared to the network traffic
within a hadoop cluster, as the HS2 client is likely to be connecting over a
corporate wide network.
[~brocknoland] The patch would not work for HMS, that would new some more
change. (added a comment about that in review). But I am not sure if that needs
to be part of same jira.
I don't think it makes sense to use the same config param to set the SASL QOP
level for metastore. Should we just use hadoop.rpc.protection for that, as it
is usually considered as 'inside the cluster' (as opposed to HS2 which is like
a 'gateway server')
> Enable QOP configuration for Hive Server 2 thrift transport
> -----------------------------------------------------------
>
> Key: HIVE-4911
> URL: https://issues.apache.org/jira/browse/HIVE-4911
> Project: Hive
> Issue Type: New Feature
> Reporter: Arup Malakar
> Assignee: Arup Malakar
> Attachments: HIVE-4911-trunk-0.patch
>
>
> The QoP for hive server 2 should be configurable to enable encryption. A new
> configuration should be exposed "hive.server2.thrift.rpc.protection". This
> would give greater control configuring hive server 2 service.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
