[ 
https://issues.apache.org/jira/browse/HIVE-14966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15576702#comment-15576702
 ] 

Vaibhav Gumashta commented on HIVE-14966:
-----------------------------------------

+1

Makes sense to me to use secure flag only when ssl is on (per 
https://tools.ietf.org/html/rfc6265#section-4.1.2).

> JDBC: Make cookie-auth work in HTTP mode
> ----------------------------------------
>
>                 Key: HIVE-14966
>                 URL: https://issues.apache.org/jira/browse/HIVE-14966
>             Project: Hive
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions: 1.3.0, 2.2.0
>            Reporter: Gopal V
>            Assignee: Gopal V
>         Attachments: HIVE-14966.1.patch
>
>
> HiveServer2 cookie-auth is non-functional and forces authentication to be 
> repeated for the status check loop, row fetch loop and the get logs loop.
> The repeated auth in the fetch-loop is a performance issue, but is also 
> causing occasional DoS responses from the remote auth-backend if this is not 
> using local /etc/passwd.
> The HTTP-Cookie auth once made functional will behave similarly to the binary 
> protocol, authenticating exactly once per JDBC session and not causing 
> further load on the authentication backend irrespective how many rows are 
> returned from the JDBC request.
> This due to the fact that the cookies are not sent out with matching flags 
> for SSL usage.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to