Thejas M Nair created HIVE-4887:
-----------------------------------
Summary: hive should have an option to disable non sql commands
that impose security risk
Key: HIVE-4887
URL: https://issues.apache.org/jira/browse/HIVE-4887
Project: Hive
Issue Type: Task
Components: Authorization, Security
Reporter: Thejas M Nair
Hive's RDBMS style of authorization (using grant/revoke), relies on all data
access being done through hive select queries. But hive also supports running
dfs commands, shell commands (eg "!cat file"), and shell commands through hive
streaming.
This creates problems in securing a hive server using this authorization model.
UDF is another way to write custom code that can compromise security, but you
can control that by restricting access to users to be only through jdbc
connection to hive server (2).
(note that there are other major problems such as this one - HIVE-3271)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
