[
https://issues.apache.org/jira/browse/HIVE-21849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xinli Shang updated HIVE-21849:
-------------------------------
Description:
HIVE-21848 proposed to have a set of table properties to configure the ORC and
Parquet encryption. In the scenario of CTLT and CTAS, the new table needs to
have the same encryption table properties because they have the same type of
sensitive data.
Furthermore, in the situation like 'insert into', if the source table has
encrypted sensitive data but the destination doesn't have corresponding table
property to define the encryption, then destination table will keep it as
plaintext and hence leaks sensitive data.
The fix is to carry over table properties for those selected columns from the
source table to the destination table.
The code change is working as a prototype. I will share it out later after
HIVE-21848 has an agreement in the community.
was:
HIVE-21848 proposed to have a set of table properties to configure the ORC and
Parquet encryption. In the scenario of CTLT and CTAS, the new table needs to
have the same encryption table properties because they have the same type of
sensitive data.
Furthermore, in the situation like 'insert into', if the source table has
encrypted sensitive data but the destination doesn't have corresponding table
property to define the encryption, then destination table will keep it as
plaintext and hence leaks sensitive data.
The code change is working as a prototype. I will share it out later after
HIVE-21848 has an agreement in the community.
> Carry over encryption table property to derived tables
> --------------------------------------------------------
>
> Key: HIVE-21849
> URL: https://issues.apache.org/jira/browse/HIVE-21849
> Project: Hive
> Issue Type: Task
> Components: HiveServer2
> Affects Versions: 3.0.1
> Reporter: Xinli Shang
> Assignee: Xinli Shang
> Priority: Major
> Fix For: 3.0.1
>
>
> HIVE-21848 proposed to have a set of table properties to configure the ORC
> and Parquet encryption. In the scenario of CTLT and CTAS, the new table needs
> to have the same encryption table properties because they have the same type
> of sensitive data.
> Furthermore, in the situation like 'insert into', if the source table has
> encrypted sensitive data but the destination doesn't have corresponding table
> property to define the encryption, then destination table will keep it as
> plaintext and hence leaks sensitive data.
> The fix is to carry over table properties for those selected columns from the
> source table to the destination table.
> The code change is working as a prototype. I will share it out later after
> HIVE-21848 has an agreement in the community.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
