hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Mackrory (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14114) S3A can no longer handle unencoded + in URIs
Date Thu, 23 Feb 2017 22:49:44 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15881485#comment-15881485

Sean Mackrory commented on HADOOP-14114:

By the way, this is what you get if you hit this issue with a + in the secret access key:

WARN s3native.S3xLoginHelper: The Filesystem URI contains login details. This is insecure
and may be unsupported in future.
ls: : getFileStatus on : com.amazonaws.services.s3.model.AmazonS3Exception: The request signature
we calculated does not match the signature you provided. Check your key and signing method.
(Service: Amazon S3; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: ...),
S3 Extended Request ID: ...

> S3A can no longer handle unencoded + in URIs 
> ---------------------------------------------
>                 Key: HADOOP-14114
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14114
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.8.0
>            Reporter: Sean Mackrory
>            Assignee: Sean Mackrory
>         Attachments: HADOOP-14114.001.patch
> Amazon secret access keys can include alphanumeric characters, but also / and + (I wish
there was an official source that was really specific on what they can contain, but I'll have
to rely on a few blog posts and my own experience).
> Keys containing slashes used to be impossible to embed in the URL (e.g. s3a://access_key:secret_key@bucket/)
but it is now possible to do it via URL encoding. Pluses used to work, but that is now *only*
possible via URL encoding.
> In the case of pluses, they don't appear to cause any other problems for parsing. So
IMO the best all-around solution here is for people to URL-encode these keys always, but so
that keys that used to work just fine can continue to work fine, all we need to do is detect
that, log a warning, and we can re-encode it for the user.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message