[HADOOP-10379] Protect authentication cookies with the HttpOnly and Secure flags - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.4.0
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

Browser vendors have adopted proposals to enhance the security of HTTP cookies. For example, the server can mark a cookie as Secure so that it will not be transfer via plain-text HTTP protocol, and the server can mark a cookie as HttpOnly to prohibit the JavaScript to access that cookie.

This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie used for authentication purposes.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-10379.000.patch
03/Mar/14 23:59
12 kB
Haohui Mai
HADOOP-10379.001.patch
04/Mar/14 19:59
13 kB
Haohui Mai
HADOOP-10379.002.patch
04/Mar/14 23:47
27 kB
Haohui Mai
HADOOP-10379-branch-1.000.patch
05/Mar/14 19:14
43 kB
Haohui Mai

Issue Links

breaks

HDFS-6548 AuthenticationToken will be ignored if the cookie value contains '@'

Resolved

Activity

People

Assignee:: Haohui Mai

Reporter:: Haohui Mai

Votes:: 1 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 03/Mar/14 22:36

Updated:: 17/Jun/14 03:52

Resolved:: 05/Mar/14 01:57