ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mahadev konar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-2283) SecurityFilter does not allow hostnames with non-alphabetic characters
Date Thu, 06 Jun 2013 05:38:21 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-2283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13676718#comment-13676718
] 

Mahadev konar commented on AMBARI-2283:
---------------------------------------

Ximo,
 The patch looks good but looks like we have some Logging which should either be debug log
or probably removed:

{code}
LOG.info("Filtering " + reqUrl + " for security purposes");
 LOG.info("OK, request can go on");
{code}

Can you please make that change? 

Thanks
                
> SecurityFilter does not allow hostnames with non-alphabetic characters
> ----------------------------------------------------------------------
>
>                 Key: AMBARI-2283
>                 URL: https://issues.apache.org/jira/browse/AMBARI-2283
>             Project: Ambari
>          Issue Type: Bug
>    Affects Versions: 1.3.0
>            Reporter: Ximo Guanter
>            Assignee: Ximo Guanter
>         Attachments: 1.patch
>
>
> The SecurityFilter.java class has a very strict pattern matching which fails with hostnames
that contain digits or hyphens. It should also be checking explicitly any connections that
don't use the two-way authentication, instead of only checking those using the AGENT_ONE_WAY_AUTH
port.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message