You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Mahadev konar (JIRA)" <ji...@apache.org> on 2013/06/06 07:38:21 UTC
[jira] [Commented] (AMBARI-2283) SecurityFilter does not allow
hostnames with non-alphabetic characters
[ https://issues.apache.org/jira/browse/AMBARI-2283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13676718#comment-13676718 ]
Mahadev konar commented on AMBARI-2283:
---------------------------------------
Ximo,
The patch looks good but looks like we have some Logging which should either be debug log or probably removed:
{code}
LOG.info("Filtering " + reqUrl + " for security purposes");
LOG.info("OK, request can go on");
{code}
Can you please make that change?
Thanks
> SecurityFilter does not allow hostnames with non-alphabetic characters
> ----------------------------------------------------------------------
>
> Key: AMBARI-2283
> URL: https://issues.apache.org/jira/browse/AMBARI-2283
> Project: Ambari
> Issue Type: Bug
> Affects Versions: 1.3.0
> Reporter: Ximo Guanter
> Assignee: Ximo Guanter
> Attachments: 1.patch
>
>
> The SecurityFilter.java class has a very strict pattern matching which fails with hostnames that contain digits or hyphens. It should also be checking explicitly any connections that don't use the two-way authentication, instead of only checking those using the AGENT_ONE_WAY_AUTH port.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira