Hadoop Common / HADOOP-10379

Protect authentication cookies with the HttpOnly and Secure flags

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.4.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Browser vendors have adopted proposals to enhance the security of HTTP cookies. For example, the server can mark a cookie as Secure so that it will not be transferred via the plain-text HTTP protocol, and the server can mark a cookie as HttpOnly to prohibit JavaScript from accessing that cookie.

      This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie used for authentication purposes.
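
The two flags described above, as an added example that is not part of this issue or its attached patches: plain-JDK code that builds a Set-Cookie value carrying HttpOnly and Secure, and checks an existing header value for missing flags. The cookie name `auth.token`, the token value, and the choice to emit Secure only for requests that arrived over HTTPS are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class AuthCookieFlags {

    // Build the Set-Cookie value for an authentication token.
    // HttpOnly is always set. Secure is set only for HTTPS requests (assumption of
    // this example), because a Secure cookie is never sent back over plain HTTP.
    static String buildSetCookie(String name, String token, String path, boolean requestIsHttps) {
        StringBuilder sb = new StringBuilder(name).append("=\"").append(token).append('"');
        if (path != null) {
            sb.append("; Path=").append(path);
        }
        if (requestIsHttps) {
            sb.append("; Secure");
        }
        sb.append("; HttpOnly");
        return sb.toString();
    }

    // Return the protective flags missing from a Set-Cookie value.
    // Attribute names are matched case-insensitively; the value must not contain ';'.
    static List<String> missingFlags(String setCookie, boolean servedOverHttps) {
        List<String> attrs = new ArrayList<>();
        String[] parts = setCookie.split(";");
        for (int i = 1; i < parts.length; i++) { // parts[0] is name=value
            attrs.add(parts[i].trim().toLowerCase(Locale.ROOT));
        }
        List<String> missing = new ArrayList<>();
        if (!attrs.contains("httponly")) {
            missing.add("HttpOnly");
        }
        if (servedOverHttps && !attrs.contains("secure")) {
            missing.add("Secure");
        }
        return missing;
    }

    public static void main(String[] args) {
        String token = "u=alice&t=simple&e=0&s=CONSTRUCTED"; // constructed sample value
        String hardened = buildSetCookie("auth.token", token, "/", true);
        String legacy = "auth.token=\"" + token + "\"; Path=/"; // constructed header, flags absent
        System.out.println(hardened + " -> missing " + missingFlags(hardened, true));
        System.out.println(legacy + " -> missing " + missingFlags(legacy, true));
    }
}
```
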

      1. HADOOP-10379.000.patch
        12 kB
        Haohui Mai
      2. HADOOP-10379.001.patch
        13 kB
        Haohui Mai
      3. HADOOP-10379.002.patch
        27 kB
        Haohui Mai
      4. HADOOP-10379-branch-1.000.patch
        43 kB
        Haohui Mai

            People

            • Assignee: Haohui Mai
            • Reporter: Haohui Mai
            • Votes: 1
            • Watchers: 7
