Haohui Mai created HADOOP-10379: ----------------------------------- Summary: Protect authentication cookies with the HttpOnly and Secure flags Key: HADOOP-10379 URL: https://issues.apache.org/jira/browse/HADOOP-10379 Project: Hadoop Common Issue Type: Improvement Reporter: Haohui Mai Assignee: Haohui Mai
Browser vendors have adopted proposals to enhance the security of HTTP cookies. For example, the server can mark a cookie as {{Secure}} so that it will not be transfer via plain-text HTTP protocol, and the server can mark a cookie as {{HttpOnly}} to prohibit the JavaScript to access that cookie. This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie used for authentication purposes. -- This message was sent by Atlassian JIRA (v6.2#6252)