Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
While attempting to get Ozone to production, we found several security flaws regarding S3 auth.
Some of them we have already done (HDDS-7191, HDDS-7815), some of them are in progress (HDDS-8050,HDDS-7814), and some are to be implemented.
This Jira has several purposes:
- To be an umbrella Jira for work regarding improving S3 security
- To share our vision regarding S3 security
I attached a design document that describes all the security flaws we have found. Eliminating them will drastically increase Ozone S3 security.