Larry McCay created KNOX-3101:
---------------------------------
Summary: Change RemoteAuthProvider to use a hash of the Key used for Caching
Key: KNOX-3101
URL: https://issues.apache.org/jira/browse/KNOX-3101
Project: Apache Knox
Issue Type: Improvement
Components: Server
Reporter: Larry McCay
Fix For: 2.2.0

The initial implementation of RemoteAuthProvider caches authenticated Subjects
locally based on the header that contained the credentials. While the cache is
designed to provide only a few mins of caching, it is less than ideal to use
the credentials as keys. This needs to be strengthened to use a hash so as not
to inadvertently risk leaking the credentials.

This will require some overhead involved in the hashing, so we may need to find
something else, but we shouldn't use the credentials themselves. We would
normally have to do a hash for implementing authentication for things like RDMS
or LDAP based passwords, etc.
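An added example, not code from the ticket or from Apache Knox, of the change proposed above: a short-lived Subject cache whose map keys are derived from the credential header instead of being the header itself. The class name `HashedKeyCache`, the five-minute TTL, the sample header, and the choice of HMAC-SHA-256 under a random per-process key (rather than a bare hash, so that leaked cache keys cannot be checked against guessed credentials without the in-memory key) are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class (not Knox code): short-lived cache keyed by an HMAC of the credential header.
public class HashedKeyCache<V> {
  private static final class Entry<V> {
    final V value; final long expiresAt;
    Entry(V value, long expiresAt) { this.value = value; this.expiresAt = expiresAt; }
  }
  private final Map<String, Entry<V>> entries = new ConcurrentHashMap<>();
  private final SecretKeySpec macKey;
  private final long ttlMillis;
  public HashedKeyCache(long ttlMillis) {
    byte[] k = new byte[32];
    new SecureRandom().nextBytes(k); // per-process key, held in memory only
    this.macKey = new SecretKeySpec(k, "HmacSHA256");
    this.ttlMillis = ttlMillis;
  }
  String keyFor(String credentialHeader) { // the raw header value is never stored as a map key
    try {
      Mac mac = Mac.getInstance("HmacSHA256"); // Mac is not thread-safe, so one instance per call
      mac.init(macKey);
      return Base64.getEncoder().encodeToString(mac.doFinal(credentialHeader.getBytes(StandardCharsets.UTF_8)));
    } catch (GeneralSecurityException e) {
      throw new IllegalStateException("HmacSHA256 unavailable", e);
    }
  }
  public void put(String credentialHeader, V subject) {
    entries.put(keyFor(credentialHeader), new Entry<>(subject, System.currentTimeMillis() + ttlMillis));
  }
  public V get(String credentialHeader) {
    String key = keyFor(credentialHeader);
    Entry<V> e = entries.get(key);
    if (e != null && e.expiresAt <= System.currentTimeMillis()) { entries.remove(key, e); e = null; }
    return e == null ? null : e.value;
  }
  public static void main(String[] args) {
    HashedKeyCache<String> cache = new HashedKeyCache<>(5 * 60 * 1000L); // assumed five-minute TTL
    String header = "Basic Z3Vlc3Q6Z3Vlc3QtcGFzc3dvcmQ="; // constructed sample value
    cache.put(header, "subject:guest");
    System.out.println(cache.get(header) + " rawHeaderIsKey=" + cache.entries.containsKey(header));
  }
}
```

Because the HMAC key is regenerated on every start, cached entries do not survive a restart, which is acceptable for a cache meant to live only a few minutes.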