You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Thurman Turner (JIRA)" <ji...@apache.org> on 2007/09/19 00:23:44 UTC

[jira] Created: (HADOOP-1919) Add option to allow Binding Jetty to localhost

Add option to allow Binding Jetty to localhost
----------------------------------------------

                 Key: HADOOP-1919
                 URL: https://issues.apache.org/jira/browse/HADOOP-1919
             Project: Hadoop
          Issue Type: New Feature
    Affects Versions: 0.14.0
            Reporter: Thurman Turner
            Priority: Minor


We would like a configurable option to have Jetty bound to the loopback address of the machine so that the dfs-browser is not accessible from outside the host.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (HADOOP-1919) Add option to allow Binding Jetty to localhost

Posted by "Owen O'Malley (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HADOOP-1919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12528646 ] 

Owen O'Malley commented on HADOOP-1919:
---------------------------------------

I think this is a bad idea. 

I assume you just mean the hdfs jetty servers, which are mostly used for showing status. (Clearly turning the map/reduce jetty servers off would prevent the system from working since jetty is used to move the outputs between maps and reduces.) However, even within that scope, I think it is too broad. For example, the hftp service is useful for distcp between versions of Hadoop. If you block the jetty server, that won't work.

What is your goal? Binding the hdfs namenode and datanode jetty servers to the localhost does not increase security in any way that I can see. Am I missing something?

> Add option to allow Binding Jetty to localhost
> ----------------------------------------------
>
>                 Key: HADOOP-1919
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1919
>             Project: Hadoop
>          Issue Type: New Feature
>    Affects Versions: 0.14.0
>            Reporter: Thurman Turner
>            Priority: Minor
>
> We would like a configurable option to have Jetty bound to the loopback address of the machine so that the dfs-browser is not accessible from outside the host.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (HADOOP-1919) Add option to allow Binding Jetty to localhost

Posted by "Raghu Angadi (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HADOOP-1919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12528955 ] 

Raghu Angadi commented on HADOOP-1919:
--------------------------------------

Would it be ok to have the proposed bind option with the understanding that it will be used for good purpose :)?

> Add option to allow Binding Jetty to localhost
> ----------------------------------------------
>
>                 Key: HADOOP-1919
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1919
>             Project: Hadoop
>          Issue Type: New Feature
>    Affects Versions: 0.14.0
>            Reporter: Thurman Turner
>            Priority: Minor
>
> We would like a configurable option to have Jetty bound to the loopback address of the machine so that the dfs-browser is not accessible from outside the host.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (HADOOP-1919) Add option to allow Binding Jetty to localhost

Posted by "Raghu Angadi (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HADOOP-1919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12528954 ] 

Raghu Angadi commented on HADOOP-1919:
--------------------------------------

Can some one run custom perl modules in Jetty?

As I understand, the localhost restriction is used so that someone can run some other http server on external interfaces. At that time I was asked to help from HDFS side for the proposed solution to work. W.r.t HDFS, it looks ok. Regd distcp(), obviously we can not have security of any form if distcp does not support it. So I guess if some one has to choose one of them, they might choose security depending on sensitivity of the data.


> Add option to allow Binding Jetty to localhost
> ----------------------------------------------
>
>                 Key: HADOOP-1919
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1919
>             Project: Hadoop
>          Issue Type: New Feature
>    Affects Versions: 0.14.0
>            Reporter: Thurman Turner
>            Priority: Minor
>
> We would like a configurable option to have Jetty bound to the loopback address of the machine so that the dfs-browser is not accessible from outside the host.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.