[ https://issues.apache.org/jira/browse/HIVE-23498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17119073#comment-17119073 ]

Naveen Gangam commented on HIVE-23498:
--------------------------------------

[~Rajkumar Singh] Thanks for the patch.
Thank you for your research about the OPTIONS method. 
"options method is not a really vulnerability but can give a security hole to 
the intruders"

The fix looks good to me.
Just a nit: I don't know if we need this to be configurable, given we never use
the OPTIONS method. Because it is a potential security hole, I would prefer to
not make it configurable and just not support OPTIONS at all. It can be
explained to be not backward compatible. If there is a future need for it, we 
can then consider making it configurable.

Could you please look into the test failure as well? Thanks

> Disable HTTP Trace method on ThriftHttpCliService
> -------------------------------------------------
>
>                 Key: HIVE-23498
>                 URL: https://issues.apache.org/jira/browse/HIVE-23498
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 3.1.2
>            Reporter: Rajkumar Singh
>            Assignee: Rajkumar Singh
>            Priority: Major
>         Attachments: HIVE-23498.01.patch, HIVE-23498.01.patch, 
> HIVE-23498.02.patch, HIVE-23498.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
