[ https://issues.apache.org/jira/browse/HADOOP-10880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14096348#comment-14096348 ]
Alejandro Abdelnur commented on HADOOP-10880: --------------------------------------------- daryn, i've thinking about this. if we do that, how non-java clients will do it? a curl client for example. > Move HTTP delegation tokens out of URL querystring to a header > -------------------------------------------------------------- > > Key: HADOOP-10880 > URL: https://issues.apache.org/jira/browse/HADOOP-10880 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.4.1 > Reporter: Alejandro Abdelnur > Assignee: Alejandro Abdelnur > Priority: Blocker > Attachments: HADOOP-10880.patch, HADOOP-10880.patch, > HADOOP-10880.patch > > > Following up on a discussion in HADOOP-10799. > Because URLs are often logged, delegation tokens may end up in LOG files > while they are still valid. > We should move the tokens to a header. > We should still support tokens in the querystring for backwards compatibility. -- This message was sent by Atlassian JIRA (v6.2#6252)