[jira] [Created] (HIVE-28767) Add HIVE_SERVER2_AUTHENTICATION_JWT_JWKS_URL to hive restricted and hidden list

Ratnesh Mishra (Jira) Wed, 19 Feb 2025 06:51:16 -0800

Ratnesh Mishra created HIVE-28767:
-------------------------------------

             Summary: Add HIVE_SERVER2_AUTHENTICATION_JWT_JWKS_URL to hive 
restricted and hidden list
                 Key: HIVE-28767
                 URL: https://issues.apache.org/jira/browse/HIVE-28767
             Project: Hive
          Issue Type: Improvement
          Components: HiveServer2
    Affects Versions: 4.0.0
            Reporter: Ratnesh Mishra



HIVE-25575 added support for JWT based authentication in HiveServer2. In the 
same change config *hive.server2.authentication.jwt.jwks.url*  was introduced 
for fetching jwks.
However presently this config is open for any user to read or modify.
Could this be a potential security threat ?
And shouldn't we add this config to restricted and hidden list ?

Note : I can raise a PR with the changes if the above suggestion looks fine.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (HIVE-28767) Add HIVE_SERVER2_AUTHENTICATION_JWT_JWKS_URL to hive restricted and hidden list

Reply via email to