alfredo config should be in a file not readable by users
--------------------------------------------------------
Key: HADOOP-7621
URL: https://issues.apache.org/jira/browse/HADOOP-7621
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 0.20.205.0, 0.23.0, 0.24.0
Reporter: Alejandro Abdelnur
Priority: Critical
Fix For: 0.20.205.0, 0.23.0, 0.24.0
[thxs ATM for point this one out]
Alfredo configuration currently is stored in the core-site.xml file, this file
is readable by users (it must be as Configuration defaults must be loaded).
One of Alfredo config values is a secret which is used by all nodes to
sign/verify the authentication cookie.
A user could get hold of this secret and forge authentication cookies for other
users.
Because of this the Alfredo configuration, should be move to a user
non-readable file.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
