[ https://issues.apache.org/jira/browse/SENTRY-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15174637#comment-15174637 ]
Lenni Kuff commented on SENTRY-1087:
------------------------------------

Thanks for updating the patch. A few additional comments:
* getSerdeURI() - It's strange that this returns void. Should this be called setSerdeURI()? Can you also comment someplace what a null serDe URI means (seems like it means we skip the authorization checks).
* nit: can you separate the check for serdeURIPrivilegesEnabled from the if statement in getSerdeURI()? For example:
    if (!serdeURIPrivilegesEnabled) return;
    if (...)
* startsWith(..) - Can you rename this to something more meaningful? Maybe hasPrefixMatch()?
* Since the checks are done on the package namespace level, what's stopping someone from bypassing security checks by adding a JAR with the same namespace? For example: org.apache.hadoop.hive.serde2.UserSerDe?

> Capture URI when using Hive Serdes
> ----------------------------------
>
>                 Key: SENTRY-1087
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1087
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>            Reporter: Hao Hao
>            Assignee: Hao Hao
>            Priority: Critical
>         Attachments: SENTRY-1087.0.patch, SENTRY-1087.1.patch,
> SENTRY-1087.2.patch, SENTRY-1087.3.patch
>
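
The last review point above, as an added example that is not part of the comment or of the Sentry patch: a check on the class name alone accepts any class that declares itself in the exempt package, while a check on where the class was loaded from does not. The class name `SerdeTrustCheck`, the prefix list and `loadedFromTrustedJar()` are hypothetical; only `hasPrefixMatch()` and the sample class name come from the comment.

```java
import java.security.CodeSource;
import java.util.List;

// Added illustration; not Sentry code. All names except hasPrefixMatch are hypothetical.
public class SerdeTrustCheck {
    // Assumed list of package prefixes that are exempt from the URI privilege check.
    static final List<String> EXEMPT_PREFIXES = List.of("org.apache.hadoop.hive.serde2.");

    // Name-only check: true for any class name that starts with an exempt prefix,
    // regardless of which JAR supplies the class.
    static boolean hasPrefixMatch(String className) {
        return EXEMPT_PREFIXES.stream().anyMatch(className::startsWith);
    }

    // Origin check: true only if the class was loaded from a location the
    // administrator listed. Locations are compared as strings because
    // URL.equals() may perform host name resolution.
    static boolean loadedFromTrustedJar(Class<?> cls, List<String> trustedLocations) {
        CodeSource src = cls.getProtectionDomain().getCodeSource();
        if (src == null || src.getLocation() == null) {
            return false; // unknown origin is treated as untrusted
        }
        return trustedLocations.contains(src.getLocation().toExternalForm());
    }

    public static void main(String[] args) {
        // Class name taken from the review comment; the name check accepts it.
        String name = "org.apache.hadoop.hive.serde2.UserSerDe";
        System.out.println("prefix match: " + hasPrefixMatch(name));

        // This demo class stands in for a SerDe loaded from some JAR or directory.
        Class<?> cls = SerdeTrustCheck.class;
        String here = cls.getProtectionDomain().getCodeSource().getLocation().toExternalForm();

        // Constructed trusted list that does not contain the loading location.
        List<String> trusted = List.of("file:/opt/hive/lib/hive-serde.jar");
        System.out.println("origin trusted: " + loadedFromTrustedJar(cls, trusted));

        // Same class once its real location is on the trusted list.
        System.out.println("origin trusted: " + loadedFromTrustedJar(cls, List.of(here)));
    }
}
```

An exemption would require both checks to pass, so a user-added JAR that reuses the package name still goes through the URI privilege check.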