Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10379

Protect authentication cookies with the HttpOnly and Secure flags

VotersStop watchingWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.4.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Browser vendors have adopted proposals to enhance the security of HTTP cookies. For example, the server can mark a cookie as Secure so that it will not be transfer via plain-text HTTP protocol, and the server can mark a cookie as HttpOnly to prohibit the JavaScript to access that cookie.

      This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie used for authentication purposes.

        Attachments

        1. HADOOP-10379.000.patch
          12 kB
          Haohui Mai
        2. HADOOP-10379.001.patch
          13 kB
          Haohui Mai
        3. HADOOP-10379.002.patch
          27 kB
          Haohui Mai
        4. HADOOP-10379-branch-1.000.patch
          43 kB
          Haohui Mai

        Issue Links

          Activity

            People

            • Assignee:
              wheat9 Haohui Mai
              Reporter:
              wheat9 Haohui Mai

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment