Haohui Mai created HADOOP-10379:
-----------------------------------
Summary: Protect authentication cookies with the HttpOnly and
Secure flags
Key: HADOOP-10379
URL: https://issues.apache.org/jira/browse/HADOOP-10379
Project: Hadoop Common
Issue Type: Improvement
Reporter: Haohui Mai
Assignee: Haohui Mai
Browser vendors have adopted proposals to enhance the security of HTTP cookies.
For example, the server can mark a cookie as {{Secure}} so that it will not be
transfer via plain-text HTTP protocol, and the server can mark a cookie as
{{HttpOnly}} to prohibit the JavaScript to access that cookie.
This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie
used for authentication purposes.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
