----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53021/ -----------------------------------------------------------
Review request for hive, Aihua Xu and Mohit Sabharwal. Repository: hive-git Description ------- HIVE-14984: Hive-WebUI access results in Request is a replay (34) attack Diffs ----- common/src/java/org/apache/hive/http/HttpServer.java c4e2e33c6627be979daec5e7afa2ed82a039dde0 service/src/resources/hive-webapps/hiveserver2/index.html f18ba53e91518379b2f08a096fe08be899b293e3 service/src/test/org/apache/hive/service/server/TestHS2HttpServer.java c9e0ac3a751b8824224bda4c5a0487d286ab069a Diff: https://reviews.apache.org/r/53021/diff/ Testing ------- Tested that in a secured cluster the hiveserver2.jsp is still only accessible with correct credentials. Tested that the replay attack is not triggered when the context root is called. Added unit test comparing the contents of the html response for a query requesting the context root and the jsp. Thanks, Barna Zsombor Klara
