[
https://issues.apache.org/jira/browse/HDFS-7766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15149066#comment-15149066
]
Ravi Prakash commented on HDFS-7766:
------------------------------------
Thanks for your comment Haohui!
bq. the new behavior might block NN.
I do not understand how the new behavior might block the NN. Could you please
elaborate? The only thing I've changed is the Namenode response from 307 to
200. There has been no delay / wait added.
bq. It is much easier to write a WebHDFS client than abuse this capability than
following the original behavior.
I don't understand how this change makes abuse easier. If a client had been
allowed to create a file before, it was just as capable of abusing WebHDFS.
What sort of abuse are you thinking of?
I thought it was brilliant when you first wrote the HTML5 UI to use exactly the
same endpoint as everything else. It rid us of so much code that was used
only for the UI. I would prefer to keep it that way. A custom header is just as
easily set as a parameter to the REST URL, so I don't see what that buys us in
terms of security.
> Add a flag to WebHDFS op=CREATE to not respond with a 307 redirect
> ------------------------------------------------------------------
>
> Key: HDFS-7766
> URL: https://issues.apache.org/jira/browse/HDFS-7766
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Reporter: Ravi Prakash
> Assignee: Ravi Prakash
> Attachments: HDFS-7766.01.patch, HDFS-7766.02.patch,
> HDFS-7766.03.patch, HDFS-7766.04.patch, HDFS-7766.04.patch, HDFS-7766.05.patch
>
>
> Please see
> https://issues.apache.org/jira/browse/HDFS-7588?focusedCommentId=14276192&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14276192
> A backwards compatible way we can fix this is to add a flag on the request
> which would disable the redirect, i.e.
> {noformat}
> curl -i -X PUT "http://<HOST>:<PORT>/webhdfs/v1/<PATH>?op=CREATE[&noredirect=<true|false>]"
> {noformat}
> returns 200 with the DN location in the response.
> This would allow the Browser clients to get the redirect URL to put the file
> to.
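The two NameNode behaviours discussed in this thread (307 redirect versus 200 with the DataNode location), handled by one client-side helper. This is an added example, not part of the original message or of the Hadoop code base. It assumes the 200 response carries the DataNode URL as a JSON `Location` field; the function names, host names and response objects are constructed for illustration.

```javascript
// Added example (not Hadoop code). Host names and responses are constructed.

// Build the NameNode CREATE URL; `noredirect` is the flag proposed in HDFS-7766.
function buildCreateUrl(nameNodeBase, hdfsPath, noRedirect) {
  const url = new URL('/webhdfs/v1' + hdfsPath, nameNodeBase);
  url.searchParams.set('op', 'CREATE');
  if (noRedirect) url.searchParams.set('noredirect', 'true');
  return url.toString();
}

// Return the DataNode URL the file body must be PUT to, for either behaviour:
//   307 -> URL is in the Location header (original behaviour)
//   200 -> URL is in the response body (noredirect=true)
// Assumption: the 200 body is JSON of the form {"Location": "<url>"}.
function dataNodeLocation(resp) {
  let location;
  if (resp.status === 307) {
    location = resp.headers.location;
  } else if (resp.status === 200) {
    try {
      location = JSON.parse(resp.body).Location;
    } catch (e) {
      throw new Error('200 response body is not valid JSON');
    }
  } else {
    throw new Error('unexpected NameNode status: ' + resp.status);
  }
  if (typeof location !== 'string') {
    throw new Error('response carries no DataNode location');
  }
  // Added sanity check: only send file data to an HTTP(S) WebHDFS endpoint.
  const target = new URL(location); // throws on a malformed URL
  if (!['http:', 'https:'].includes(target.protocol) ||
      !target.pathname.startsWith('/webhdfs/v1/')) {
    throw new Error('location is not a WebHDFS URL: ' + location);
  }
  return target.toString();
}
```
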