You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "chris snow (JIRA)" <ji...@apache.org> on 2016/08/16 08:31:20 UTC

[jira] [Created] (KNOX-733) Knox shell client is susceptible to man-in-the-middle attack

chris snow created KNOX-733:
-------------------------------

             Summary:  Knox shell client is susceptible to man-in-the-middle attack
                 Key: KNOX-733
                 URL: https://issues.apache.org/jira/browse/KNOX-733
             Project: Apache Knox
          Issue Type: Bug
            Reporter: chris snow


The Knox shell client does not verify the certificate of the server.  

One option would be to provide another method where developers can provide their own client, e.g.

public static Hadoop login( String url, String username, String password, HttpClient client ) throws URISyntaxException { }

https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60

I can provide a patch if you are happy with this approach.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)