hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Joseph Evans (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-3231) Improve Application Master And Job History UI Security
Date Wed, 26 Oct 2011 14:21:32 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-3231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136009#comment-13136009

Robert Joseph Evans commented on MAPREDUCE-3231:

users should be able to use their favorite language/framework for their AM UI, especially
when porting from existing apps
That is a good point Porting a UI from existing applications would add in extra overhead.
 But does open MPI have an existing GUI?  Does Giraph or pig or most of the other applications
that are in the process of being ported have an existing GUI?  About the only one that I can
think of is Twitter Storm, and there has been no progress on that in quite a while, so I don't
think it is that big of a deal.

Handling of raw HTML/CSS/JS is well studied by many in the industry (Caja, OWASP and ModSecurity

[Didn't you say that you don't trust Caja|https://issues.apache.org/jira/browse/MAPREDUCE-2858?focusedCommentId=13128712&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13128712].
 Why then didn't we go with a different library?

Inventing a new security scheme is almost always a bad idea, even for security experts. Having
a trusted front-end with a special interpreter for your special scheme is a recipe for disaster.

So Wiki/Twiki are a bad idea?  Because aren't they a trusted front-end with a special interpreter
for a special scheme?  Yes it is not all about security, but that is part of it because I
would never go to Wikipedia if I thought I could easily get a virus from it.

Writing secure and trusted webapp is hard even for experts. People are still finding security
bugs in facebook and google years after they were created.

Exactly so why do I want to let a user run code with security errors in it and remove the
possibility for me as the administrator of a cluster to fix those errors in a timely manor.
 If you look at Pig with Oozie.  Oozie requires that the pig jars be placed in HDFS in a special
directory so that they can be part of the distributed cache for Oozie to run.  Anyways from
what I have seen in the real world is that people don't think too much about the version of
pig that they put out there until there is a problem that makes their code not run.  I have
seen very very old version of pig that are no longer supported being run because there is
no motivation to fix it.  
> Improve Application Master And Job History UI Security
> ------------------------------------------------------
>                 Key: MAPREDUCE-3231
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-3231
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>          Components: mrv2
>    Affects Versions: 0.23.0
>            Reporter: Robert Joseph Evans
>            Assignee: Robert Joseph Evans
>         Attachments: AMWebSecurityProposal.pdf
> I propose a stripped down JSON based protocol for creating safe user generate web pages.
 This JIRA is intended first of all as a place for a discussion about this proposal, and then
if there are no serious objections this will be an Umbrella JIRA to implement the changes

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message