[jira] [Commented] (KNOX-733) Knox shell client is susceptible to man-in-the-middle attack

Larry McCay (JIRA) Mon, 22 Aug 2016 06:20:42 -0700

    [ 
https://issues.apache.org/jira/browse/KNOX-733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15430738#comment-15430738
 ]


Larry McCay commented on KNOX-733:
----------------------------------

Exporting gateway public cert for client truststores.

>  Knox shell client is susceptible to man-in-the-middle attack
> -------------------------------------------------------------
>
>                 Key: KNOX-733
>                 URL: https://issues.apache.org/jira/browse/KNOX-733
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: chris snow
>            Assignee: chris snow
>             Fix For: 0.10.0
>
>
> The Knox shell client does not verify the certificate of the server.  
> One option would be to provide another method where developers can provide 
> their own client, e.g.
> public static Hadoop login( String url, String username, String password, 
> HttpClient client ) throws URISyntaxException { }
> https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60
> I can provide a patch if you are happy with this approach.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (KNOX-733) Knox shell client is susceptible to man-in-the-middle attack

Reply via email to