One other question, have you considered pooling at the Driver level? This could work transparently with no API changes. Basically "connections" would simply be logical connections over the same tunnel.
-- Jacques Nadeau CTO and Co-Founder, Dremio On Sun, Feb 21, 2016 at 5:07 PM, Jacques Nadeau <jacq...@dremio.com> wrote: > Sudheesh, thanks for putting this together. Reviewing Oracle > documentation, they expose this at the API level rather than through a > random query. I think we should probably model after that rather than > invent a new mechanism. This also means we can avoid things like query > parsing, execution roundtrip, query profiles, etc to provide this > functionality. > > See here: > > https://docs.oracle.com/cd/B28359_01/java.111/b31224/proxya.htm#BABEJEIA > > -- > Jacques Nadeau > CTO and Co-Founder, Dremio > > On Fri, Feb 19, 2016 at 2:18 PM, Keys Botzum <kbot...@maprtech.com> wrote: > >> This is a great feature to add to Drill and I'm excited to see design on >> it starting. >> >> The ability for an intermediate server that is likely already >> authenticating end users, to send end user identity down to Drill adds a >> key element into an end to end secure design by enabling Drill and the back >> end systems to see the real user and thus perform meaningful authorization. >> >> Back when I was building many JEE applications I know the DBAs where very >> frustrated that the application servers blinded them to the identity of the >> end user accessing important corporate data. When JEE application servers >> and databases finally added the ability to impersonate that addressed a lot >> of security concerns. Of course this isn't a perfect solution and I'm sure >> others will recognize that in some scenarios impersonation isn't the best >> approach, but having that as an option in Drill is very valuable. >> >> Keys >> _______________________________ >> Keys Botzum >> Senior Principal Technologist >> kbot...@maprtech.com <mailto:kbot...@maprtech.com> >> 443-718-0098 >> MapR Technologies >> http://www.mapr.com <http://www.mapr.com/> >> > On Feb 19, 2016, at 4:49 PM, Sudheesh Katkam <skat...@maprtech.com> >> wrote: >> > >> > Hey y’all, >> > >> > I plan to work on DRILL-4281 < >> https://issues.apache.org/jira/browse/DRILL-4281>: support for >> inbound/client impersonation. Please review the design document < >> https://docs.google.com/document/d/1g0KgugVdRbbIxxZrSCtO1PEHlvwczTLDb38k-npvwjA>, >> which is open for comments. There is also a link to proof-of-concept >> (slightly hacky). >> > >> > Thank you, >> > Sudheesh >> >> >
