Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2013/07/18 20:06:49 UTC

[jira] [Updated] (KNOX-48) Cluster topology must not be exposed in datanode redirect query parameters

     [ https://issues.apache.org/jira/browse/KNOX-48?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Minder updated KNOX-48:
-----------------------------

    Affects Version/s: 0.2.0
        Fix Version/s: 0.4.0
             Assignee: Kevin Minder
    
> Cluster topology must not be exposed in datanode redirect query parameters
> --------------------------------------------------------------------------
>
>                 Key: KNOX-48
>                 URL: https://issues.apache.org/jira/browse/KNOX-48
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 0.2.0
>            Reporter: Kevin Minder
>            Assignee: Kevin Minder
>             Fix For: 0.4.0
>
>
> From BUG-4326
> Currently the Location header in a redirect from WebHDFS is rewritten to store the host and port of the datanode in user visible query parameters. These values should not be user visible as this exposes the topology of the Hadoop cluster. These values should be encrypted. The suggestion is to encrypt and base64 encode a set of query params that are placed on the user visible URL with a special query param. For example:
> ...?op=CREATE&_=<base64>
> where the <base64> would decode and decrypt into something like
> datanode.host=<hostname>&datanode.port=<port>
> The example exposed param name (i.e. '_') and hidden params (i.e. datanode.host, datanode.port) are not prescriptive. 
> Note: jQuery appears to add an '_' query param as a workaround to an IE caching issue. Should probably pick something else. An alternate proposal is to encrypt the entire query string as suggested here
> http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira