[ https://issues.apache.org/jira/browse/HIVE-13442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15267649#comment-15267649 ]
Sergey Shelukhin commented on HIVE-13442:
-----------------------------------------

{quote}After HIVE-13391 - we should stop sending any credentials from HiveServer2. That would be a separate jira. If HS2 is sending over any credentials - those should not be visible to the user. This would typically include the hive token - and gives the client access to whatever they want to read.{quote}
This is the LLAP API - this is between the client and LLAP, HS2 is not involved in this part.

{quote} I don't think we need to allow users to send in credentials. If we do - it would be better to separate credentials which are setup by HS2 for LLAP into a separate field which will be signed. A new field can be used for user specified credentials. External clients will need access to a token to talk to LLAP - so that would have to be sent over in a readable field.{quote}
Hmm... these are the user credentials like HDFS tokens. So this is already what is done.

> LLAP: refactor submit API to be amenable to signing
> ---------------------------------------------------
>
>                 Key: HIVE-13442
>                 URL: https://issues.apache.org/jira/browse/HIVE-13442
>             Project: Hive
>          Issue Type: Sub-task
>            Reporter: Sergey Shelukhin
>            Assignee: Sergey Shelukhin
>         Attachments: HIVE-13442.nogen.patch, HIVE-13442.patch, HIVE-13442.patch, HIVE-13442.protobuf.patch
>
>
> This is going to be a wire compat breaking change.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)