You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Sumit Gupta (JIRA)" <ji...@apache.org> on 2016/08/16 12:52:20 UTC

[jira] [Commented] (KNOX-733) Knox shell client is susceptible to man-in-the-middle attack

    [ https://issues.apache.org/jira/browse/KNOX-733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15422684#comment-15422684 ] 

Sumit Gupta commented on KNOX-733:
----------------------------------

An additional method to login that takes a httpclient seems fine to me.

>  Knox shell client is susceptible to man-in-the-middle attack
> -------------------------------------------------------------
>
>                 Key: KNOX-733
>                 URL: https://issues.apache.org/jira/browse/KNOX-733
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: chris snow
>
> The Knox shell client does not verify the certificate of the server.  
> One option would be to provide another method where developers can provide their own client, e.g.
> public static Hadoop login( String url, String username, String password, HttpClient client ) throws URISyntaxException { }
> https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60
> I can provide a patch if you are happy with this approach.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)