> On Aug. 28, 2015, 1:47 a.m., Li Li wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java,
> >  line 79
> > <https://reviews.apache.org/r/37794/diff/4/?file=1055835#file1055835line79>
> >
> >     As showColumns is a public method in its parent class, it may have a 
> > potential security problem when a client directly calls 
> > SentryFilterDDLTask.showColumns(..). Maybe it is better to just override 
> > showColumns like the one used in your first version?
> 
> shen guoquan wrote:
>     The reason why I changed this source code is that I found all of the show 
> functions in the DDLTask are private except showColumn. I don't want to 
> override the only showColumn function. I will do some next JIRAs about show 
> metadata such as "describe table" and "show tables". I want to keep code 
> consistency, so I changed it. 
> Thanks for your comment.

I am just thinking about whether there is a potential security situation when 
a client bypasses the execute method and directly calls showColumns; then it 
can get all columns even if it does not have the permission.


- Li


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37794/#review96815
-----------------------------------------------------------


On Aug. 27, 2015, 8:21 a.m., shen guoquan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37794/
> -----------------------------------------------------------
> 
> (Updated Aug. 27, 2015, 8:21 a.m.)
> 
> 
> Review request for sentry, Colin Ma, Dapeng Sun, and Sravya Tirukkovalur.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> grant select(s) on table test_tb to role test_role;
> 
> show columns in test_tb;
> 
> Error: Error while compiling statement: FAILED: SemanticException No valid 
> privileges
>  Required privileges for this query: 
> Server=server1->Db=test_db->Table=test_tb->action=insert;Server=server1->Db=test_db->Table=test_tb->action=select;
>  (state=42000,code=40000)
> 
> It should show the s column.
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java PRE-CREATION 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java ddfb222 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java 8cd82ef 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java 0291b6c 
>   sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/SimpleFileProviderBackend.java 526a0e0 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestColumnEndToEnd.java 159b9d9 
> 
> Diff: https://reviews.apache.org/r/37794/diff/
> 
> 
> Testing
> -------
> 
> Run local unit case
> 
> 
> Thanks,
> 
> shen guoquan
> 
>
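
The design question raised in this thread, as an added example that is not part of the original messages and is not the Sentry or Hive source: it contrasts filtering only in `execute()` with filtering in an override of the public `showColumns`. The classes `BaseTask`, `FilterInExecute` and `FilterInOverride`, the permission predicate and the column `t` are hypothetical stand-ins.

```java
import java.util.List;
import java.util.Map;
import java.util.function.BiPredicate;
import java.util.stream.Collectors;

// Hypothetical stand-ins, not the Hive DDLTask or SentryFilterDDLTask sources.
public class ShowColumnsEntryPoints {
    // Parent task: showColumns is public and performs no authorization itself.
    static class BaseTask {
        final Map<String, List<String>> schema;
        BaseTask(Map<String, List<String>> schema) { this.schema = schema; }
        public List<String> showColumns(String table) { return schema.get(table); }
        public List<String> execute(String table) { return showColumns(table); }
    }

    // Variant A: the filter lives only in execute(); the inherited public
    // showColumns() stays reachable and returns the unfiltered list.
    static class FilterInExecute extends BaseTask {
        final BiPredicate<String, String> allowed;
        FilterInExecute(Map<String, List<String>> s, BiPredicate<String, String> a) { super(s); allowed = a; }
        @Override public List<String> execute(String table) {
            return super.showColumns(table).stream()
                    .filter(c -> allowed.test(table, c)).collect(Collectors.toList());
        }
    }

    // Variant B: the filter lives in the overridden public method, so both
    // execute() and a direct showColumns() call pass through it.
    static class FilterInOverride extends BaseTask {
        final BiPredicate<String, String> allowed;
        FilterInOverride(Map<String, List<String>> s, BiPredicate<String, String> a) { super(s); allowed = a; }
        @Override public List<String> showColumns(String table) {
            return super.showColumns(table).stream()
                    .filter(c -> allowed.test(table, c)).collect(Collectors.toList());
        }
    }

    public static void main(String[] args) {
        // Constructed data: column "s" is from the review description, "t" is made up.
        Map<String, List<String>> schema = Map.of("test_tb", List.of("s", "t"));
        BiPredicate<String, String> selectOnS = (tbl, col) -> tbl.equals("test_tb") && col.equals("s");
        BaseTask a = new FilterInExecute(schema, selectOnS);
        BaseTask b = new FilterInOverride(schema, selectOnS);
        System.out.println("A execute:     " + a.execute("test_tb"));
        System.out.println("A showColumns: " + a.showColumns("test_tb"));
        System.out.println("B execute:     " + b.execute("test_tb"));
        System.out.println("B showColumns: " + b.showColumns("test_tb"));
    }
}
```

A unit test that calls the public method directly on the task, rather than only going through `execute()`, catches the Variant A gap.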
