ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Levas <rle...@hortonworks.com>
Subject [DISCUSS] Session data made available to API resource handlers
Date Mon, 24 Nov 2014 14:30:00 GMT
Team…

I thought that this might be an interesting topic to discuss.  

I am looking at a situation where it would be nice to have a dynamically generated encryption
key stored in a web server session.  This key could be used to encrypt sensitive data that
needs to be shared across REST API calls during that session.   In the JIRA that I created
for this - https://issues.apache.org/jira/browse/AMBARI-8426 - I propose a use-case related
to the automation of enabling (or disabling) Kerberos in a cluster. 

If we take the more generate route that is proposed in the JIRA, we could possibly do other
things by storing data in the session - not just the encryption facility I need.  However
I would be happy to just have the encryption key if we wanted to limit the scope of access
to session data across REST API calls.

Please take a look and provide feedback or suggestions for alternative ways I might accomplish
this.  Since this is needed to the upcoming 2.0.0 release, I would like to have something
in the works by Wednesday. 

Thanks,

Rob


-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message