turboFei commented on code in PR #2601:
URL: https://github.com/apache/celeborn/pull/2601#discussion_r1674028237
##########
service/src/main/scala/org/apache/celeborn/server/common/http/authentication/AuthenticationFilter.scala:
##########
@@ -64,6 +66,13 @@ class AuthenticationFilter(conf: CelebornConf, serviceName:
String) extends Filt
case Service.WORKER =>
conf.get(CelebornConf.WORKER_HTTP_PROXY_CLIENT_IP_HEADER)
}
+ private val administrators: Set[String] = serviceName match {
+ case Service.MASTER =>
+ conf.get(CelebornConf.MASTER_HTTP_AUTH_ADMINISTERS).toSet +
Utils.currentUser
Review Comment:
thanks, after think twice, I remove it.
Due that for celeborn, kerberos is not common enabled, and the server might
be launched with normal linux user.
To prevent the admin privileges leak, it is better not Implicit add the
system property `user.name` into administrator list.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
