[ 
https://issues.apache.org/jira/browse/HDFS-3801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13509045#comment-13509045
 ] 

Andy Isaacson commented on HDFS-3801:
-------------------------------------

Harsh,

What is the use case for this config option?  How would a cluster be configured 
so that this feature would be useful?

On a quick read, it appears to me that this disables the simple http browsing 
feature, but it doesn't appear that it actually prevents a simple HTTP client 
from retrieving the files.

If a cluster does not have Kerberos turned on, then any program that can 
connect to the HTTP port of DN+NN can retrieve files from HDFS.  If this config 
option completely removes that capability, then I could see it being useful.  
If this config option merely obscures this important security fact (but leaves 
the files available to a programmatic interface), then I don't think we should 
implement it.
                
> Provide a way to disable browsing of files from the web UI
> ----------------------------------------------------------
>
>                 Key: HDFS-3801
>                 URL: https://issues.apache.org/jira/browse/HDFS-3801
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: namenode
>    Affects Versions: 2.0.0-alpha
>            Reporter: Harsh J
>            Assignee: Harsh J
>            Priority: Minor
>         Attachments: HDFS-3801.patch
>
>
> A few times we've had requests from users who wish to disable browsing of the 
> filesystem in the web UI completely, while keeping other servlet 
> functionality enabled (such as fsck, etc.). Right now, the cheap way to do 
> this is by blocking out the DN web port (50075) from access by clients, but 
> that also hampers HFTP transfers.
> We should instead provide a toggle config for the JSPs to use and disallow 
> browsing if the toggle's enabled. The config can be true by default, to not 
> change the behavior.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
