[GitHub] [incubator-kyuubi] bowenliang123 commented on a diff in pull request #3235: [KYUUBI #3222] JDBC Authentication Provider for server

GitBox Tue, 16 Aug 2022 10:55:56 -0700


bowenliang123 commented on code in PR #3235:
URL: https://github.com/apache/incubator-kyuubi/pull/3235#discussion_r947087588



##########
kyuubi-common/src/main/scala/org/apache/kyuubi/config/KyuubiConf.scala:
##########
@@ -645,6 +647,51 @@ object KyuubiConf {
       .stringConf
       .createWithDefault("uid")
 
+  val AUTHENTICATION_JDBC_DRIVER: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.jdbc.driver.class")
+      .doc("Driver class name for JDBC Authentication Provider.")
+      .version("1.6.0")
+      .stringConf
+      .createOptional
+
+  val AUTHENTICATION_JDBC_URL: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.jdbc.url")
+      .doc("JDBC URL for JDBC Authentication Provider.")
+      .version("1.6.0")
+      .stringConf
+      .createOptional
+
+  val AUTHENTICATION_JDBC_USERNAME: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.jdbc.username")
+      .doc("Database username for JDBC Authentication Provider.")
+      .version("1.6.0")
+      .stringConf
+      .createOptional
+
+  val AUTHENTICATION_JDBC_PASSWORD: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.jdbc.password")
+      .doc("Database password for JDBC Authentication Provider.")
+      .version("1.6.0")
+      .stringConf
+      .createOptional
+
+  val AUTHENTICATION_JDBC_QUERY: OptionalConfigEntry[String] =
+    buildConf("kyuubi.authentication.jdbc.query")
+      .doc("Query SQL template with placeholders " +
+        "for JDBC Authentication Provider to execute. " +
+        "Authentication passes if at least one row fetched in the result set." 
+
+        "Available placeholders are: <ul>" +
+        "<li>`${username}`</li>" +
+        "<li>`${password}`</li></ul>" +
+        "eg.: query sql `SELECT 1 FROM auth_table WHERE user=${username} AND " 
+
+        "passwd=MD5(CONCAT(salt,${password}));` " +
+        "will be prepared as: `SELECT 1 FROM auth_table " +
+        "WHERE user=? AND passwd=MD5(CONCAT(salt,?));`" +
+        " with value replacement of `username` and `password` in string type.")
+      .version("1.6.0")
+      .stringConf
+      .createOptional

Review Comment:
   > I'm neutral here. For SQL dialect concerns, md5 is a common function 
supported by most of dbms, ref: 
[apache/spark#37169](https://github.com/apache/spark/pull/37169). But in other 
hand, md5 w/o salt is not security
   
   alright. and thx for the link to 
[apache/spark#37169](https://github.com/apache/spark/pull/37169). it is clear 
and helpful.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[GitHub] [incubator-kyuubi] bowenliang123 commented on a diff in pull request #3235: [KYUUBI #3222] JDBC Authentication Provider for server

Reply via email to