  1. Hadoop Common
  2. HADOOP-10379

Protect authentication cookies with the HttpOnly and Secure flags

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.4.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Browser vendors have adopted proposals to enhance the security of HTTP cookies. For example, the server can mark a cookie as Secure so that it will not be transferred via the plain-text HTTP protocol, and the server can mark a cookie as HttpOnly to prohibit JavaScript from accessing that cookie.

      This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie used for authentication purposes.

        Attachments

        1. HADOOP-10379-branch-1.000.patch
          43 kB
          Haohui Mai
        2. HADOOP-10379.002.patch
          27 kB
          Haohui Mai
        3. HADOOP-10379.001.patch
          13 kB
          Haohui Mai
        4. HADOOP-10379.000.patch
          12 kB
          Haohui Mai

              People

              • Assignee:
                wheat9 Haohui Mai
                Reporter:
                wheat9 Haohui Mai
              • Votes:
                1
                Watchers:
                7
