[
https://issues.apache.org/jira/browse/HADOOP-10880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14113605#comment-14113605
]
Aaron T. Myers commented on HADOOP-10880:
-----------------------------------------
Latest patch looks pretty good to me. Just a few small comments:
# Lower-case this "O", and upper-case this "f":
"useQueryStringforDelegationTOken"
# This comment about the default behavior seems inaccurate, given that the
default value for "useQueryStringforDelegationTOken" is "true":
{code}
+ * By default it is transmitted using the
+ * {@link DelegationTokenAuthenticator#DELEGATION_TOKEN_HEADER} HTTP header.
{code}
# Recommend renaming "getUseQueryStringForDelegationToken" to
"shouldUseQueryStringForDelegationToken" or perhaps just
"useQueryStringForDelegationToken".
+1 once these are addressed.
> Move HTTP delegation tokens out of URL querystring to a header
> --------------------------------------------------------------
>
> Key: HADOOP-10880
> URL: https://issues.apache.org/jira/browse/HADOOP-10880
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Blocker
> Attachments: HADOOP-10880.patch, HADOOP-10880.patch,
> HADOOP-10880.patch
>
>
> Following up on a discussion in HADOOP-10799.
> Because URLs are often logged, delegation tokens may end up in LOG files
> while they are still valid.
> We should move the tokens to a header.
> We should still support tokens in the querystring for backwards compatibility.
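The issue description above notes that delegation tokens carried in the query string end up in log files. The following is an added example, not part of the original message or of the Hadoop code base: it scans access-log lines for a token in the request URL and redacts the value. It assumes the query parameter is named "delegation" and that the log uses a common-log-format request line; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: the delegation token query parameter is named "delegation".
TOKEN_PARAM = "delegation"
REDACTED = "REDACTED"

# Request line inside a common-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, found) for one request target."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Match the parameter name case-insensitively to be conservative.
    found = any(k.lower() == TOKEN_PARAM for k, _ in pairs)
    if not found:
        return target, False
    cleaned = [(k, REDACTED if k.lower() == TOKEN_PARAM else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned))), True

def scan_log(lines):
    """Redact token values; return (redacted_lines, numbers of lines that held a token)."""
    out, hits = [], []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            target, found = redact_target(m.group("target"))
            if found:
                hits.append(n)
                line = line[:m.start("target")] + target + line[m.end("target"):]
        out.append(line)
    return out, hits

# Constructed sample access-log lines (hosts, users, paths and token values are made up).
SAMPLE = [
    '10.0.0.5 - alice [28/Aug/2014:10:00:01 +0000] "GET /webhdfs/v1/tmp?op=LISTSTATUS&delegation=SAMPLETOKEN123 HTTP/1.1" 200 512',
    '10.0.0.6 - bob [28/Aug/2014:10:00:02 +0000] "GET /webhdfs/v1/tmp?op=LISTSTATUS HTTP/1.1" 200 512',
    '10.0.0.7 - carol [28/Aug/2014:10:00:03 +0000] "PUT /webhdfs/v1/x?Delegation=SAMPLETOKEN456&op=CREATE HTTP/1.1" 201 0',
]

if __name__ == "__main__":
    redacted, hits = scan_log(SAMPLE)
    print("lines with a token in the URL:", hits)
    print("\n".join(redacted))
```

Any line number reported here marks a token that was written to the log while possibly still valid, so the redaction is cleanup and the hit list is the input for revoking or expiring those tokens.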