hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10379) Protect authentication cookies with the HttpOnly and Secure flags
Date Wed, 05 Mar 2014 13:46:07 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13920845#comment-13920845
] 

Hudson commented on HADOOP-10379:
---------------------------------

FAILURE: Integrated in Hadoop-Hdfs-trunk #1692 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1692/])
HADOOP-10379. Protect authentication cookies with the HttpOnly and Secure flags. Contributed
by Haohui Mai. (wheat9: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1574283)
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpCookieFlag.java


> Protect authentication cookies with the HttpOnly and Secure flags
> -----------------------------------------------------------------
>
>                 Key: HADOOP-10379
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10379
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Haohui Mai
>            Assignee: Haohui Mai
>             Fix For: 2.4.0
>
>         Attachments: HADOOP-10379.000.patch, HADOOP-10379.001.patch, HADOOP-10379.002.patch
>
>
> Browser vendors have adopted proposals to enhance the security of HTTP cookies. For example,
the server can mark a cookie as {{Secure}} so that it will not be transfer via plain-text
HTTP protocol, and the server can mark a cookie as {{HttpOnly}} to prohibit the JavaScript
to access that cookie.
> This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie used for
authentication purposes.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message