hadoop-hdfs-issues mailing list archives

From "Haohui Mai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-9711) Integrate CSRF prevention filter in WebHDFS.
Date Fri, 29 Jan 2016 06:07:41 GMT

    [ https://issues.apache.org/jira/browse/HDFS-9711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123030#comment-15123030 ]

Haohui Mai commented on HDFS-9711:
----------------------------------

bq.  Even if there was a way, it would defeat the intent of blocking the request. Something
like a malicious HTML form using POST would pick up the header on the redirect and then succeed.

It sounds like we're talking about different things. Can you please walk me through what
happens if the client makes a WebHDFS request to the NN?

> Integrate CSRF prevention filter in WebHDFS.
> --------------------------------------------
>
>                 Key: HDFS-9711
>                 URL: https://issues.apache.org/jira/browse/HDFS-9711
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: datanode, namenode, webhdfs
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HDFS-9711.001.patch, HDFS-9711.002.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard against cross-site
> request forgery attacks.  This issue tracks integration of that filter in WebHDFS.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
