Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2013/04/03 23:43:15 UTC

[jira] [Created] (KNOX-48) Cluster topology must not be exposed in datanode redirect query parameters

Kevin Minder created KNOX-48:
--------------------------------

             Summary: Cluster topology must not be exposed in datanode redirect query parameters
                 Key: KNOX-48
                 URL: https://issues.apache.org/jira/browse/KNOX-48
             Project: Apache Knox
          Issue Type: New Feature
          Components: Server
            Reporter: Kevin Minder


From BUG-4326
Currently the Location header in a redirect from WebHDFS is rewritten to store the host and port of the datanode in user visible query parameters. These values should not be user visible as this exposes the topology of the Hadoop cluster. These values should be encrypted. The suggestion is to encrypt and base64 encode a set of query params that are placed on the user visible URL with a special query param. For example:
...?op=CREATE&_=<base64>
where the <base64> would decode and decrypt into something like
datanode.host=<hostname>&datanode.port=<port>
The example exposed param name (i.e. '_') and hidden params (i.e. datanode.host, datanode.port) are not prescriptive. 
Note: jQuery appears to add an '_' query param as a workaround to an IE caching issue. Should probably pick something else. An alternate proposal is to encrypt the entire query string as suggested here
http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira