> On May 20, 2016, 2:21 a.m., Siddharth Seth wrote: > > llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/ContainerRunnerImpl.java, > > line 267 > > <https://reviews.apache.org/r/46956/diff/2/?file=1387296#file1387296line267> > > > > A follow up jira may be to limit the age of keys. > > i.e. if a keyId is older than a certain amount of time - fail the > > request. I'm not sure how ZKSecretManager rotates these keys, and when they > > are invalidated. > > > > A user can potentially use an old (presumably compromsied key) to > > generate requests - which will be valid if keys are not rotated/aged.
https://issues.apache.org/jira/browse/HIVE-13820 - Sergey ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/46956/#review134076 ----------------------------------------------------------- On May 21, 2016, 12:07 a.m., Sergey Shelukhin wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/46956/ > ----------------------------------------------------------- > > (Updated May 21, 2016, 12:07 a.m.) > > > Review request for hive, Gunther Hagleitner, Jason Dere, and Siddharth Seth. > > > Repository: hive-git > > > Description > ------- > > see jira > > > Diffs > ----- > > common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 4cfa5f1 > > llap-client/src/java/org/apache/hadoop/hive/llap/security/LlapTokenLocalClient.java > f10351b > llap-common/src/java/org/apache/hadoop/hive/llap/security/LlapSigner.java > PRE-CREATION > > llap-common/src/java/org/apache/hadoop/hive/llap/security/LlapTokenIdentifier.java > e28eddd > > llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java > 465b204 > > llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/ContainerRunnerImpl.java > 2524dc2 > > llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/LlapDaemon.java > de817e3 > > llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/LlapProtocolServerImpl.java > b94fc2e > > llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/LlapTokenChecker.java > 03ee055 > > llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/QueryTracker.java > 8abd198 > > llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/TaskExecutorService.java > eac0e8f > > llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/TaskRunnerCallable.java > 74359fa > > llap-server/src/java/org/apache/hadoop/hive/llap/security/LlapSignerImpl.java > PRE-CREATION > > llap-server/src/test/org/apache/hadoop/hive/llap/daemon/impl/TaskExecutorTestHelpers.java > 279baf1 > > llap-server/src/test/org/apache/hadoop/hive/llap/daemon/impl/TestLlapTokenChecker.java > aaaa762 > > llap-server/src/test/org/apache/hadoop/hive/llap/daemon/impl/comparator/TestFirstInFirstOutComparator.java > a250882 > ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java c9b912b > > Diff: https://reviews.apache.org/r/46956/diff/ > > > Testing > ------- > > > Thanks, > > Sergey Shelukhin > >