[
https://issues.apache.org/jira/browse/HADOOP-10799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14065697#comment-14065697
]
Daryn Sharp commented on HADOOP-10799:
--------------------------------------
I agree with [~vvasudev] that the token needs to be passed via headers,
probably using digest auth just like sasl. [~tucu00] and I once talked offline
about the insecurity of passing it in the url. With that said, do we really
want to propagate the "bad behavior" of webhdfs into common for multiple
components to use? We'll never be able to change w/o multiple
incompatibilities, right?
> Refactor HTTP delegation token logic from httpfs into reusable code in
> hadoop-common.
> -------------------------------------------------------------------------------------
>
> Key: HADOOP-10799
> URL: https://issues.apache.org/jira/browse/HADOOP-10799
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HADOOP-10799.patch, HADOOP-10799.patch,
> HADOOP-10799.patch, HADOOP-10799.patch, HADOOP-10799.patch,
> HADOOP-10799.patch, HADOOP-10799.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
