Larry McCay created KNOX-882:
--------------------------------
Summary: Bind KnoxTokens to the Request Clients
Key: KNOX-882
URL: https://issues.apache.org/jira/browse/KNOX-882
Project: Apache Knox
Issue Type: Bug
Components: Server
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 0.12.0
When issuing the KnoxToken, the requesting client IP address should be added to
the resulting token. This IP address will then need to be validated against the
IP address of any incoming request that presents the bearer token as proof of
identity.
This will prevent the misappropriation of a token from allowing access from any
other machine.
We will also want to make this binding requirement configurable and provide
appropriate warning messages when not in use.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
