[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13784762#comment-13784762
]
Edward Capriolo commented on HIVE-5400:
---------------------------------------
Agreed on the SQLException leave it as is. There is one more idea I want to
pitch. Does it make more sense to implement a blacklist then a whitelist?
Generally we fall on the side of leaving "dangerous" things on and not limiting
features. A good example is hive.strict.mode. It should be on by default it all
production deployments, but we have it off for the purposes of unit testing.
Maybe I am biased here, but as a person who used hadoop before "security" I
would rather things worked out of the box and I could turn them off later,
other then the opposite.
Again this is just a thought, and if you like the whitelist better lets just
keep this.
> Allow admins to disable compile and other commands
> --------------------------------------------------
>
> Key: HIVE-5400
> URL: https://issues.apache.org/jira/browse/HIVE-5400
> Project: Hive
> Issue Type: Sub-task
> Reporter: Brock Noland
> Assignee: Edward Capriolo
> Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch
>
>
> From here:
> https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
> I think we should afford admins who want to disable this functionality the
> ability to do so. Since such admins might want to disable other commands such
> as add or dfs, it wouldn't be much trouble to allow them to do this as well.
> For example we could have a configuration option "hive.available.commands"
> (or similar) which specified add,set,delete,reset, etc by default. Then check
> this value in CommandProcessorFactory. It would probably make sense to add
> this property to the restrict list.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
