ranger-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Review Request 54978: RANGER-1279 - Make static variable RangerCSRFPreventionFilter.IS_CSRF_ENABLED private
Date Thu, 22 Dec 2016 14:20:12 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54978/
-----------------------------------------------------------

Review request for ranger.


Bugs: RANGER-1279
    https://issues.apache.org/jira/browse/RANGER-1279


Repository: ranger


Description
-------

The static configuration variable RangerCSRFPreventionFilter.IS_CSRF_ENABLED is public, meaning
that a malicious application running in the same JVM as Ranger could disable CSRF protection.
It should be private instead.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java
556e2dc 

Diff: https://reviews.apache.org/r/54978/diff/


Testing
-------


Thanks,

Colm O hEigeartaigh
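
The exposure described in the review request can be checked mechanically. The following is an added example, not part of the original message or of Ranger's code: `FilterBefore`, `FilterAfter` and `isCsrfEnabled()` are hypothetical stand-ins for the filter before and after the change, and the audit method reports static fields that are public and not final.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class StaticFlagAudit {

    // Hypothetical stand-in for the filter before the change:
    // the flag is a public, non-final static, so other classes can assign it.
    static class FilterBefore {
        public static boolean IS_CSRF_ENABLED = true;
    }

    // Hypothetical stand-in for the filter after the change:
    // the flag is private and only readable through an accessor.
    static class FilterAfter {
        private static boolean IS_CSRF_ENABLED = true;

        public static boolean isCsrfEnabled() {
            return IS_CSRF_ENABLED;
        }
    }

    // Return the static fields declared by `type` that are public and not final,
    // i.e. configuration state that ordinary code outside the class can overwrite.
    static List<String> writableStaticFields(Class<?> type) {
        List<String> exposed = new ArrayList<>();
        for (Field f : type.getDeclaredFields()) {
            int m = f.getModifiers();
            if (Modifier.isStatic(m) && Modifier.isPublic(m) && !Modifier.isFinal(m)) {
                exposed.add(type.getSimpleName() + "." + f.getName());
            }
        }
        return exposed;
    }

    public static void main(String[] args) {
        // Run the audit over both stand-in classes and print what each exposes.
        System.out.println("before: " + writableStaticFields(FilterBefore.class));
        System.out.println("after:  " + writableStaticFields(FilterAfter.class));
    }
}
```

The same method can be run over a list of filter or configuration classes in a unit test so that a security flag reintroduced as a public mutable static fails the build.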

