----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53021/#review153388 -----------------------------------------------------------
Ship it! Ship It! - Aihua Xu On Oct. 20, 2016, 9:47 a.m., Barna Zsombor Klara wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/53021/ > ----------------------------------------------------------- > > (Updated Oct. 20, 2016, 9:47 a.m.) > > > Review request for hive, Aihua Xu and Mohit Sabharwal. > > > Repository: hive-git > > > Description > ------- > > HIVE-14984: Hive-WebUI access results in Request is a replay (34) attack > > > Diffs > ----- > > common/src/java/org/apache/hive/http/HttpServer.java > c4e2e33c6627be979daec5e7afa2ed82a039dde0 > service/src/resources/hive-webapps/hiveserver2/index.html > f18ba53e91518379b2f08a096fe08be899b293e3 > service/src/test/org/apache/hive/service/server/TestHS2HttpServer.java > c9e0ac3a751b8824224bda4c5a0487d286ab069a > > Diff: https://reviews.apache.org/r/53021/diff/ > > > Testing > ------- > > Tested that in a secured cluster the hiveserver2.jsp is still only accessible > with correct credentials. > Tested that the replay attack is not triggered when the context root is > called. > Added unit test comparing the contents of the html response for a query > requesting the context root and the jsp. > > > Thanks, > > Barna Zsombor Klara > >
