[ https://issues.apache.org/jira/browse/HIVE-5253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782217#comment-13782217 ]

Edward Capriolo commented on HIVE-5253:
---------------------------------------

On the security front, this is actually no different than letting someone say 
"add jar". When someone runs "add jar" they are injecting code. Really, this 
patch just removes the time-consuming manual parts (eclipse, build-jar, 
copy jar to server). Also on the same front, doesn't Pig allow someone to 
supply Jython and JRuby UDFs?

The simple solution is to simply remove the groovy.jar from your hive lib 
directory, then this would fail :)

We should open up a separate issue in the parent, or possibly address security 
concerns in 'Add ql syntax for inline java code creation'. That is out of scope 
here; this JIRA is only to build the dynamic functionality. The code is still 
unreachable because the CompileProcessor is not available from the switch 
statement in this patch.

> Create component to compile and jar dynamic code
> ------------------------------------------------
>
>                 Key: HIVE-5253
>                 URL: https://issues.apache.org/jira/browse/HIVE-5253
>             Project: Hive
>          Issue Type: Sub-task
>            Reporter: Edward Capriolo
>            Assignee: Edward Capriolo
>         Attachments: HIVE-5253.10.patch.txt, HIVE-5253.1.patch.txt, 
> HIVE-5253.3.patch.txt, HIVE-5253.3.patch.txt, HIVE-5253.3.patch.txt, 
> HIVE-5253.8.patch.txt, HIVE-5253.9.patch.txt, HIVE-5253.patch.txt
>
>




--
This message was sent by Atlassian JIRA
(v6.1#6144)
