You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/08/16 17:06:20 UTC
[jira] [Updated] (KNOX-733) Knox shell client is susceptible to
man-in-the-middle attack
[ https://issues.apache.org/jira/browse/KNOX-733?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay updated KNOX-733:
-----------------------------
Assignee: chris snow
> Knox shell client is susceptible to man-in-the-middle attack
> -------------------------------------------------------------
>
> Key: KNOX-733
> URL: https://issues.apache.org/jira/browse/KNOX-733
> Project: Apache Knox
> Issue Type: Bug
> Reporter: chris snow
> Assignee: chris snow
>
> The Knox shell client does not verify the certificate of the server.
> One option would be to provide another method where developers can provide their own client, e.g.
> public static Hadoop login( String url, String username, String password, HttpClient client ) throws URISyntaxException { }
> https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60
> I can provide a patch if you are happy with this approach.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)