You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Haohui Mai (JIRA)" <ji...@apache.org> on 2014/03/03 23:37:22 UTC
[jira] [Created] (HADOOP-10379) Protect authentication cookies with
the HttpOnly and Secure flags
Haohui Mai created HADOOP-10379:
-----------------------------------
Summary: Protect authentication cookies with the HttpOnly and Secure flags
Key: HADOOP-10379
URL: https://issues.apache.org/jira/browse/HADOOP-10379
Project: Hadoop Common
Issue Type: Improvement
Reporter: Haohui Mai
Assignee: Haohui Mai
Browser vendors have adopted proposals to enhance the security of HTTP cookies. For example, the server can mark a cookie as {{Secure}} so that it will not be transfer via plain-text HTTP protocol, and the server can mark a cookie as {{HttpOnly}} to prohibit the JavaScript to access that cookie.
This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie used for authentication purposes.
--
This message was sent by Atlassian JIRA
(v6.2#6252)