ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mahadev konar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-2283) SecurityFilter does not allow hostnames with non-alphabetic characters
Date Thu, 06 Jun 2013 06:46:20 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-2283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13676763#comment-13676763
] 

Mahadev konar commented on AMBARI-2283:
---------------------------------------

[~edrevo] one minor thing, sorry abt the multiple iteration. I think we should just get rid
of:

LOG.debug("OK, request can go on");

and also make the following:

{code}
LOG.debug("OK, request can go on because it is using the safe port");
{code}

More useful like:

{code}
LOG.debug("Request can continue on secure port " + serReq.getLocalPort());
{code}

What do you think? 
                
> SecurityFilter does not allow hostnames with non-alphabetic characters
> ----------------------------------------------------------------------
>
>                 Key: AMBARI-2283
>                 URL: https://issues.apache.org/jira/browse/AMBARI-2283
>             Project: Ambari
>          Issue Type: Bug
>    Affects Versions: 1.3.0
>            Reporter: Ximo Guanter
>            Assignee: Ximo Guanter
>             Fix For: 1.3.0
>
>         Attachments: 1.patch, 2.patch
>
>
> The SecurityFilter.java class has a very strict pattern matching which fails with hostnames
that contain digits or hyphens. It should also be checking explicitly any connections that
don't use the two-way authentication, instead of only checking those using the AGENT_ONE_WAY_AUTH
port.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message