[ https://issues.apache.org/jira/browse/KNOX-733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15423192#comment-15423192 ]
Larry McCay commented on KNOX-733:
----------------------------------
The DSL should concentrate on keeping the underlying implementation hidden. If
we can't do this for some reason then it may be acceptable to leak some of that
for "power users". IMO - it is possible to hide it though. The question is
whether we codify the "config" or require a configuration file - which would be
unfortunate. Maybe we could get away with env variables or system properties?
This would allow the programmer to remain agnostic to implementation details
but the person that runs/schedules it to run would need to provision execution
details. Not sure the best approach here. Which is why it is still in the state
it is in. :)
> Knox shell client is susceptible to man-in-the-middle attack
> -------------------------------------------------------------
>
> Key: KNOX-733
> URL: https://issues.apache.org/jira/browse/KNOX-733
> Project: Apache Knox
> Issue Type: Bug
> Reporter: chris snow
> Assignee: chris snow
>
> The Knox shell client does not verify the certificate of the server.
> One option would be to provide another method where developers can provide
> their own client, e.g.
> public static Hadoop login( String url, String username, String password,
> HttpClient client ) throws URISyntaxException { }
> https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60
> I can provide a patch if you are happy with this approach.
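
Added example, not part of the JIRA thread or the Knox code base: one way the trust configuration could come from system properties or environment variables, as floated in the comment above, so the DSL user never touches TLS details while the server certificate is still verified. The class name, property names and variable names are hypothetical; only JDK classes are used.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ShellTrustConfig {
    // Hypothetical setting names; Knox does not define these.
    static final String PROP_STORE = "knox.shell.truststore";
    static final String ENV_STORE = "KNOX_SHELL_TRUSTSTORE";
    static final String PROP_PASS = "knox.shell.truststore.password";
    static final String ENV_PASS = "KNOX_SHELL_TRUSTSTORE_PASSWORD";

    // A system property wins over the environment variable; null if neither is set.
    static String setting(String prop, String env) {
        String value = System.getProperty(prop);
        return value != null ? value : System.getenv(env);
    }

    // Builds a verifying TLS context. There is no "trust everything" branch:
    // a configured but unreadable truststore throws instead of falling back.
    static SSLContext sslContext() throws GeneralSecurityException, IOException {
        String path = setting(PROP_STORE, ENV_STORE);
        KeyStore trust = null; // null tells the factory to use the JVM default CA store
        if (path != null) {
            String pass = setting(PROP_PASS, ENV_PASS);
            trust = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = Files.newInputStream(Paths.get(path))) {
                trust.load(in, pass == null ? null : pass.toCharArray());
            }
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // With nothing provisioned this uses the JVM's default trusted CAs.
        SSLContext ctx = sslContext();
        System.out.println("TLS context ready: " + ctx.getProtocol());
    }
}
```

The person who runs or schedules the script provisions the truststore, for example with -Dknox.shell.truststore=/path/to/gateway-trust.jks (path constructed for illustration), and the resulting context is what the shell's HTTP client would be built with, hostname verification left enabled.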