hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10880) Move HTTP delegation tokens out of URL querystring to a header
Date Fri, 08 Aug 2014 16:11:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090916#comment-14090916
] 

Alejandro Abdelnur commented on HADOOP-10880:
---------------------------------------------

only requests authenticated by the authenticatorhandler (ie kerberos...) issue hadoop-auth
cookies, requests that present delegation tokens do not issue cookies (actually they issue
a expired one to force a flushing).

> Move HTTP delegation tokens out of URL querystring to a header
> --------------------------------------------------------------
>
>                 Key: HADOOP-10880
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10880
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>            Priority: Blocker
>         Attachments: HADOOP-10880.patch, HADOOP-10880.patch
>
>
> Following up on a discussion in HADOOP-10799.
> Because URLs are often logged, delegation tokens may end up in LOG files while they are
still valid. 
> We should move the tokens to a header.
> We should still support tokens in the querystring for backwards compatibility.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message