chris snow created KNOX-733:
-------------------------------

             Summary: Knox shell client is susceptible to man-in-the-middle attack
                 Key: KNOX-733
                 URL: https://issues.apache.org/jira/browse/KNOX-733
             Project: Apache Knox
          Issue Type: Bug
            Reporter: chris snow


The Knox shell client does not verify the certificate of the server.  

One option would be to provide another method where developers can provide 
their own client, e.g.

    public static Hadoop login( String url, String username, String password,
        HttpClient client ) throws URISyntaxException { }

https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60

I can provide a patch if you are happy with this approach.


