hadoop-common-issues mailing list archives

From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10878) Hadoop servlets need ACLs
Date Tue, 22 Jul 2014 18:58:45 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14070704#comment-14070704 ]

Allen Wittenauer commented on HADOOP-10878:

In particular, it would be great to lock down:

- metrics 
- webhdfs
- hftp

By host and/or user. There are likely others.

> Hadoop servlets need ACLs
> -------------------------
>                 Key: HADOOP-10878
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10878
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Allen Wittenauer
>
> As far as I'm aware, once a user gets past the HTTP-level authentication, all servlets
> available on that port are available to the user. This is a security hole as there is some
> information and services that we don't want every user to be able to access or only want them
> to access from certain locations.

This message was sent by Atlassian JIRA