Re: Review Request 45859: SENTRY-1120: Show role / privileges info in Sentry Service Webpage

Tue, 12 Apr 2016 21:31:11 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45859/#review128608
-----------------------------------------------------------




sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java
 (line 57)
<https://reviews.apache.org/r/45859/#comment192059>

    We shouldn't get in the business of validating passwords within Sentry, 
especially in plaintext. 
    It is probably better to use something like .htaccess / .htpasswd, however 
that hooks into Jetty. That way we can do the authentication using certificates 
rather than this type of check. Perhaps this is actually a seperate item from 
just listing roles - we want to instead add basic ACL support (Admin-only) to 
the debug webpage.



sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html (line 65)
<https://reviews.apache.org/r/45859/#comment192058>

    Is it bad the password is cleartext?


- Lenni Kuff


On April 7, 2016, 3:57 a.m., Li Li wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45859/
> -----------------------------------------------------------
> 
> (Updated April 7, 2016, 3:57 a.m.)
> 
> 
> Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya 
> Tirukkovalur.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Show role / privileges info in Sentry Service Webpage
> 
> 
> Diffs
> -----
> 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java
>  PRE-CREATION 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java
>  1bdea2c55de12a999f94ea33f8709311c7c2c7f2 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java
>  94bd2a95c77a9691cbaa578ebf417e49c339b7ed 
>   sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html 
> ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f 
> 
> Diff: https://reviews.apache.org/r/45859/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Li Li
> 
>

Reply via email to