[ https://issues.apache.org/jira/browse/KNOX-733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15422684#comment-15422684 ]
Sumit Gupta commented on KNOX-733:
----------------------------------

An additional method to login that takes a httpclient seems fine to me.

> Knox shell client is susceptible to man-in-the-middle attack
> -------------------------------------------------------------
>
>                 Key: KNOX-733
>                 URL: https://issues.apache.org/jira/browse/KNOX-733
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: chris snow
>
> The Knox shell client does not verify the certificate of the server.
> One option would be to provide another method where developers can provide their own client, e.g.
> public static Hadoop login( String url, String username, String password, HttpClient client ) throws URISyntaxException { }
> https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60
> I can provide a patch if you are happy with this approach.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
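
A client of the kind the issue proposes handing to `login`, as an added example that is not part of the issue or the Knox code base: it trusts only the CAs in a caller-supplied truststore and keeps hostname verification on. It assumes Apache HttpClient 4.4+ on the classpath; the class name, truststore path and password are hypothetical, and the four-argument `Hadoop.login` is the overload proposed above, not an existing method.

```java
// Added example, not Knox project code. Assumes Apache HttpClient 4.4+.
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class VerifyingKnoxClient {

  /** Builds a client that trusts only the CAs in the given JKS truststore. */
  public static CloseableHttpClient build(String trustStorePath, char[] password)
      throws Exception {
    KeyStore trustStore = KeyStore.getInstance("JKS");
    try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
      trustStore.load(in, password);
    }
    if (trustStore.size() == 0) {
      // With no trust anchors every handshake would fail; report it up front.
      throw new IllegalStateException("truststore has no entries: " + trustStorePath);
    }

    // Trust managers backed only by the supplied store, not the JVM default.
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, tmf.getTrustManagers(), null);

    // DefaultHostnameVerifier matches the certificate's names against the host.
    SSLConnectionSocketFactory socketFactory =
        new SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier());
    return HttpClients.custom().setSSLSocketFactory(socketFactory).build();
  }

  public static void main(String[] args) throws Exception {
    // Hypothetical path and placeholder password, constructed for this example.
    try (CloseableHttpClient client =
        build("gateway-truststore.jks", "changeit".toCharArray())) {
      // With the overload proposed in the issue, the caller would pass it in:
      // Hadoop hadoop = Hadoop.login(url, username, password, client);
      System.out.println("verifying client ready: " + client);
    }
  }
}
```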