You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Haohui Mai (JIRA)" <ji...@apache.org> on 2014/03/03 23:37:22 UTC

[jira] [Created] (HADOOP-10379) Protect authentication cookies with the HttpOnly and Secure flags

Haohui Mai created HADOOP-10379:
-----------------------------------

             Summary: Protect authentication cookies with the HttpOnly and Secure flags
                 Key: HADOOP-10379
                 URL: https://issues.apache.org/jira/browse/HADOOP-10379
             Project: Hadoop Common
          Issue Type: Improvement
            Reporter: Haohui Mai
            Assignee: Haohui Mai


Browser vendors have adopted proposals to enhance the security of HTTP cookies. For example, the server can mark a cookie as {{Secure}} so that it will not be transfer via plain-text HTTP protocol, and the server can mark a cookie as {{HttpOnly}} to prohibit the JavaScript to access that cookie.

This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie used for authentication purposes.



--
This message was sent by Atlassian JIRA
(v6.2#6252)