Colm O hEigeartaigh created RANGER-1279:
-------------------------------------------
Summary: Make static variable
RangerCSRFPreventionFilter.IS_CSRF_ENABLED private
Key: RANGER-1279
URL: https://issues.apache.org/jira/browse/RANGER-1279
Project: Ranger
Issue Type: Bug
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 0.7.0
The static configuration variable RangerCSRFPreventionFilter.IS_CSRF_ENABLED is
public, meaning that a malicious application running in the same JVM as Ranger
could disable CSRF protection. It should be private instead.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
