[
https://issues.apache.org/jira/browse/HIVE-13442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15267649#comment-15267649
]
Sergey Shelukhin commented on HIVE-13442:
-----------------------------------------
{quote}After HIVE-13391 - we should stop sending any credentials from
HiveServer2. That would be a separate jira.
If HS2 is sending over any credentials - those should not be visible to the
user. This would typically include the hive token - and gives the client access
to whatever they want to read.{quote}
This is the LLAP API - this is between the client and LLAP, HS2 is not involved
in this part.
{quote}
I don't think we need to allow users to send in credentials. If we do - it
would be better to separate credentials which are setup by HS2 for LLAP into a
separate field which will be signed. A new field can be used for user specified
credentials. External clients will need access to a token to talk to LLAP - so
that would have to be sent over in a readable field.{quote}
Hmm... these are the user credentials like HDFS tokens. So this is already what
is done.
> LLAP: refactor submit API to be amenable to signing
> ---------------------------------------------------
>
> Key: HIVE-13442
> URL: https://issues.apache.org/jira/browse/HIVE-13442
> Project: Hive
> Issue Type: Sub-task
> Reporter: Sergey Shelukhin
> Assignee: Sergey Shelukhin
> Attachments: HIVE-13442.nogen.patch, HIVE-13442.patch,
> HIVE-13442.patch, HIVE-13442.protobuf.patch
>
>
> This is going to be a wire compat breaking change.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
