alfredo config should be in a file not readable by users --------------------------------------------------------
Key: HADOOP-7621 URL: https://issues.apache.org/jira/browse/HADOOP-7621 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 0.20.205.0, 0.23.0, 0.24.0 Reporter: Alejandro Abdelnur Priority: Critical Fix For: 0.20.205.0, 0.23.0, 0.24.0 [thxs ATM for point this one out] Alfredo configuration currently is stored in the core-site.xml file, this file is readable by users (it must be as Configuration defaults must be loaded). One of Alfredo config values is a secret which is used by all nodes to sign/verify the authentication cookie. A user could get hold of this secret and forge authentication cookies for other users. Because of this the Alfredo configuration, should be move to a user non-readable file. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira