[
https://issues.apache.org/jira/browse/MAPREDUCE-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Devaraj Das updated MAPREDUCE-1026:
-----------------------------------
Assignee: Boris Shkolnik (was: Devaraj Das)
Summarizing:
1) The JobTracker generates the job token and persists that to the HDFS in the
jobId directory
2) The TaskTracker, as part of localization reads the token file, and localizes
it in the secure location on the local disk
3) ReduceTask reads that file, and computes a HMAC-SHA1 of the URL using the
token as the key, and sends it to the TT as part of the Map output request
4) The TT hosting the map output, reads the same key, and validates the HMAC.
If the validation is successful, the TT computes a HMAC-SHA1 of the HMAC-SHA1
that it just received, and sends it as a HTTP header in the map output response.
5) The reduce task in turn validates that. If the validation is successful, it
accepts the map output bytes.
> Shuffle should be secure
> ------------------------
>
> Key: MAPREDUCE-1026
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1026
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: security
> Reporter: Owen O'Malley
> Assignee: Boris Shkolnik
>
> Since the user's data is available via http from the TaskTrackers, we should
> require a job-specific secret to access it.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
