lmccay opened a new pull request, #996: URL: https://github.com/apache/knox/pull/996
## What changes were proposed in this pull request?

The initial implementation of RemoteAuthProvider caches authenticated Subjects locally based on the header that contained the credentials. While the cache is designed to provide only a few minutes of caching, it is less than ideal to use the credentials as keys. This needs to be strengthened to use a hash so as not to inadvertently risk leaking the credentials. This will require some overhead involved in the hashing, so we may need to find something else, but we shouldn't use the credentials themselves. We would normally have to do a hash for implementing authentication for things like RDBMS or LDAP based passwords, etc.

## How was this patch tested?

Refactored and ran existing unit tests to ensure no regression was introduced.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org
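One way to key such a cache without storing the credential, as an added example written for this thread and not code from the Knox PR: the key is an HMAC-SHA256 of the header value under a random per-process key (an assumption that goes one step beyond the plain hash the description mentions, so that a dumped cache cannot be reversed offline against a guessable Basic password), entries carry a short TTL, and the class name and the use of a principal string in place of the Subject are this example's own choices.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Caches authenticated principals keyed by an HMAC of the credential header, never by the header itself. */
public class HashedSubjectCache {
    private static final long TTL_MILLIS = 5 * 60 * 1000L; // "a few minutes", as the PR description puts it

    private static final class Entry {
        final String principal;
        final long expiresAt;
        Entry(String principal, long expiresAt) { this.principal = principal; this.expiresAt = expiresAt; }
    }

    private final Map<String, Entry> cache = new ConcurrentHashMap<>();
    private final SecretKeySpec macKey; // random per process (assumption): keys cannot be brute-forced offline

    public HashedSubjectCache() {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        macKey = new SecretKeySpec(key, "HmacSHA256");
    }

    /** Derives the cache key; the raw Authorization header value is never retained. */
    String keyFor(String credentialHeader) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(macKey);
            byte[] tag = mac.doFinal(credentialHeader.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(tag);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA256 unavailable", e);
        }
    }

    public void put(String credentialHeader, String principal) {
        cache.put(keyFor(credentialHeader), new Entry(principal, System.currentTimeMillis() + TTL_MILLIS));
    }

    /** Returns the cached principal, or null when absent or expired; expired entries are evicted on read. */
    public String get(String credentialHeader) {
        String k = keyFor(credentialHeader);
        Entry e = cache.get(k);
        if (e == null) return null;
        if (System.currentTimeMillis() > e.expiresAt) { cache.remove(k); return null; }
        return e.principal;
    }
}
```

Because the MAC key is regenerated on each start, cached entries do not survive a restart, which is acceptable for a cache meant to live only a few minutes.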