[jira] [Commented] (HADOOP-14114) S3A can no longer handle unencoded + in URIs

Thu, 23 Feb 2017 14:56:12 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-14114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15881485#comment-15881485
 ] 

Sean Mackrory commented on HADOOP-14114:
----------------------------------------

By the way, this is what you get if you hit this issue with a + in the secret 
access key:

{code}
WARN s3native.S3xLoginHelper: The Filesystem URI contains login details. This 
is insecure and may be unsupported in future.
ls: : getFileStatus on : com.amazonaws.services.s3.model.AmazonS3Exception: The 
request signature we calculated does not match the signature you provided. 
Check your key and signing method. (Service: Amazon S3; Status Code: 403; Error 
Code: SignatureDoesNotMatch; Request ID: ...), S3 Extended Request ID: ...
{code}

> S3A can no longer handle unencoded + in URIs 
> ---------------------------------------------
>
>                 Key: HADOOP-14114
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14114
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.8.0
>            Reporter: Sean Mackrory
>            Assignee: Sean Mackrory
>         Attachments: HADOOP-14114.001.patch
>
>
> Amazon secret access keys can include alphanumeric characters, but also / and 
> + (I wish there was an official source that was really specific on what they 
> can contain, but I'll have to rely on a few blog posts and my own experience).
> Keys containing slashes used to be impossible to embed in the URL (e.g. 
> s3a://access_key:secret_key@bucket/) but it is now possible to do it via URL 
> encoding. Pluses used to work, but that is now *only* possible via URL 
> encoding.
> In the case of pluses, they don't appear to cause any other problems for 
> parsing. So IMO the best all-around solution here is for people to URL-encode 
> these keys always, but so that keys that used to work just fine can continue 
> to work fine, all we need to do is detect that, log a warning, and we can 
> re-encode it for the user.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to