You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/09/30 17:04:04 UTC
[jira] [Commented] (AMBARI-13272) Backport from 2.1.0 - Set
HttpOnly and Secure flags for Ambari session cookies
[ https://issues.apache.org/jira/browse/AMBARI-13272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14936955#comment-14936955 ]
Hadoop QA commented on AMBARI-13272:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12764415/AMBARI-13272_branch-2.0.maint_01.patch
against trunk revision .
{color:red}-1 patch{color}. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/3881//console
This message is automatically generated.
> Backport from 2.1.0 - Set HttpOnly and Secure flags for Ambari session cookies
> ------------------------------------------------------------------------------
>
> Key: AMBARI-13272
> URL: https://issues.apache.org/jira/browse/AMBARI-13272
> Project: Ambari
> Issue Type: Task
> Affects Versions: 2.0.2
> Reporter: Robert Levas
> Assignee: Robert Levas
> Fix For: 2.0.3
>
> Attachments: AMBARI-13272_branch-2.0.maint_01.patch
>
>
> Ambari should set the following flags for session cookies.
> 1) https://www.owasp.org/index.php/HttpOnly
> 2) https://www.owasp.org/index.php/SecureFlag
> #2 only needs to be set when people configure for Ambari HTTPS
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)