A good suggestion. Pooling is going to important for performance.
Keys
_______________________________
Keys Botzum
Senior Principal Technologist
[email protected] <mailto:[email protected]>
443-718-0098
MapR Technologies
http://www.mapr.com <http://www.mapr.com/>
> On Feb 21, 2016, at 8:11 PM, Jacques Nadeau <[email protected]> wrote:
>
> One other question, have you considered pooling at the Driver level? This
> could work transparently with no API changes. Basically "connections" would
> simply be logical connections over the same tunnel.
>
> --
> Jacques Nadeau
> CTO and Co-Founder, Dremio
>
> On Sun, Feb 21, 2016 at 5:07 PM, Jacques Nadeau <[email protected]> wrote:
>
>> Sudheesh, thanks for putting this together. Reviewing Oracle
>> documentation, they expose this at the API level rather than through a
>> random query. I think we should probably model after that rather than
>> invent a new mechanism. This also means we can avoid things like query
>> parsing, execution roundtrip, query profiles, etc to provide this
>> functionality.
>>
>> See here:
>>
>> https://docs.oracle.com/cd/B28359_01/java.111/b31224/proxya.htm#BABEJEIA
>>
>> --
>> Jacques Nadeau
>> CTO and Co-Founder, Dremio
>>
>> On Fri, Feb 19, 2016 at 2:18 PM, Keys Botzum <[email protected]> wrote:
>>
>>> This is a great feature to add to Drill and I'm excited to see design on
>>> it starting.
>>>
>>> The ability for an intermediate server that is likely already
>>> authenticating end users, to send end user identity down to Drill adds a
>>> key element into an end to end secure design by enabling Drill and the back
>>> end systems to see the real user and thus perform meaningful authorization.
>>>
>>> Back when I was building many JEE applications I know the DBAs where very
>>> frustrated that the application servers blinded them to the identity of the
>>> end user accessing important corporate data. When JEE application servers
>>> and databases finally added the ability to impersonate that addressed a lot
>>> of security concerns. Of course this isn't a perfect solution and I'm sure
>>> others will recognize that in some scenarios impersonation isn't the best
>>> approach, but having that as an option in Drill is very valuable.
>>>
>>> Keys
>>> _______________________________
>>> Keys Botzum
>>> Senior Principal Technologist
>>> [email protected] <mailto:[email protected]>
>>> 443-718-0098
>>> MapR Technologies
>>> http://www.mapr.com <http://www.mapr.com/>
>>>> On Feb 19, 2016, at 4:49 PM, Sudheesh Katkam <[email protected]>
>>> wrote:
>>>>
>>>> Hey y’all,
>>>>
>>>> I plan to work on DRILL-4281 <
>>> https://issues.apache.org/jira/browse/DRILL-4281>: support for
>>> inbound/client impersonation. Please review the design document <
>>> https://docs.google.com/document/d/1g0KgugVdRbbIxxZrSCtO1PEHlvwczTLDb38k-npvwjA>,
>>> which is open for comments. There is also a link to proof-of-concept
>>> (slightly hacky).
>>>>
>>>> Thank you,
>>>> Sudheesh
>>>
>>>
>>
