[
https://issues.apache.org/jira/browse/KNOX-882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated KNOX-882:
-----------------------------
Labels: kip-4 (was: )
> Bind KnoxTokens to the Request Clients
> --------------------------------------
>
> Key: KNOX-882
> URL: https://issues.apache.org/jira/browse/KNOX-882
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Labels: kip-4
> Fix For: 0.12.0
>
>
> When issuing the KnoxToken, the requesting client IP address should be added
> to the resulting token. This IP address will then need to be validated
> against the IP address of any incoming request that presents the bearer token
> as proof of identity.
> This will prevent the misappropriation of a token from allowing access from
> any other machine.
> We will also want to make this binding requirement configurable and provide
> appropriate warning messages when not in use.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
