[
https://issues.apache.org/jira/browse/HADOOP-10379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13920845#comment-13920845
]
Hudson commented on HADOOP-10379:
---------------------------------
FAILURE: Integrated in Hadoop-Hdfs-trunk #1692 (See
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1692/])
HADOOP-10379. Protect authentication cookies with the HttpOnly and Secure
flags. Contributed by Haohui Mai. (wheat9:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1574283)
*
/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpCookieFlag.java
> Protect authentication cookies with the HttpOnly and Secure flags
> -----------------------------------------------------------------
>
> Key: HADOOP-10379
> URL: https://issues.apache.org/jira/browse/HADOOP-10379
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Haohui Mai
> Assignee: Haohui Mai
> Fix For: 2.4.0
>
> Attachments: HADOOP-10379.000.patch, HADOOP-10379.001.patch,
> HADOOP-10379.002.patch
>
>
> Browser vendors have adopted proposals to enhance the security of HTTP
> cookies. For example, the server can mark a cookie as {{Secure}} so that it
> will not be transfer via plain-text HTTP protocol, and the server can mark a
> cookie as {{HttpOnly}} to prohibit the JavaScript to access that cookie.
> This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie
> used for authentication purposes.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
