You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Mahadev konar (JIRA)" <ji...@apache.org> on 2013/06/06 07:38:21 UTC

[jira] [Commented] (AMBARI-2283) SecurityFilter does not allow hostnames with non-alphabetic characters

    [ https://issues.apache.org/jira/browse/AMBARI-2283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13676718#comment-13676718 ] 

Mahadev konar commented on AMBARI-2283:
---------------------------------------

Ximo,
 The patch looks good but looks like we have some Logging which should either be debug log or probably removed:

{code}
LOG.info("Filtering " + reqUrl + " for security purposes");
 LOG.info("OK, request can go on");
{code}

Can you please make that change? 

Thanks
                
> SecurityFilter does not allow hostnames with non-alphabetic characters
> ----------------------------------------------------------------------
>
>                 Key: AMBARI-2283
>                 URL: https://issues.apache.org/jira/browse/AMBARI-2283
>             Project: Ambari
>          Issue Type: Bug
>    Affects Versions: 1.3.0
>            Reporter: Ximo Guanter
>            Assignee: Ximo Guanter
>         Attachments: 1.patch
>
>
> The SecurityFilter.java class has a very strict pattern matching which fails with hostnames that contain digits or hyphens. It should also be checking explicitly any connections that don't use the two-way authentication, instead of only checking those using the AGENT_ONE_WAY_AUTH port.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira