hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aihua Xu <...@cloudera.com>
Subject Re: Review Request 53021: HIVE-14984: Hive-WebUI access results in Request is a replay (34) attack
Date Thu, 20 Oct 2016 13:30:53 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53021/#review153388
-----------------------------------------------------------


Ship it!




Ship It!

- Aihua Xu


On Oct. 20, 2016, 9:47 a.m., Barna Zsombor Klara wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53021/
> -----------------------------------------------------------
> 
> (Updated Oct. 20, 2016, 9:47 a.m.)
> 
> 
> Review request for hive, Aihua Xu and Mohit Sabharwal.
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> HIVE-14984: Hive-WebUI access results in Request is a replay (34) attack
> 
> 
> Diffs
> -----
> 
>   common/src/java/org/apache/hive/http/HttpServer.java c4e2e33c6627be979daec5e7afa2ed82a039dde0

>   service/src/resources/hive-webapps/hiveserver2/index.html f18ba53e91518379b2f08a096fe08be899b293e3

>   service/src/test/org/apache/hive/service/server/TestHS2HttpServer.java c9e0ac3a751b8824224bda4c5a0487d286ab069a

> 
> Diff: https://reviews.apache.org/r/53021/diff/
> 
> 
> Testing
> -------
> 
> Tested that in a secured cluster the hiveserver2.jsp is still only accessible with correct
credentials.
> Tested that the replay attack is not triggered when the context root is called.
> Added unit test comparing the contents of the html response for a query requesting the
context root and the jsp.
> 
> 
> Thanks,
> 
> Barna Zsombor Klara
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message