[
https://issues.apache.org/jira/browse/KNOX-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13621388#comment-13621388
]
Kevin Minder commented on KNOX-48:
----------------------------------
Currently the data node topology information is base64 encoded but not
encrypted.
> Cluster topology must not be exposed in datanode redirect query parameters
> --------------------------------------------------------------------------
>
> Key: KNOX-48
> URL: https://issues.apache.org/jira/browse/KNOX-48
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Reporter: Kevin Minder
> Assignee: Kevin Minder
>
> From BUG-4326
> Currently when the Location header in a redirect from WebHDFS is rewritten to
> store the host and port of the datanode in user visible query parameters.
> These values should not be user visible as this exposes the topology of the
> Hadoop cluster. These values should be encrypted. The suggestion is to
> encrypt and base64 encode a set query params that are placed on the user
> visible URL with a special query param. For example:
> ...?op=CREATE&_=<base64>
> where the <based64> would decode and decrypt into something like
> datanode.host=<hostname>&datanode.port=<port>
> The example exposed param name (i.e. '_') and hidden params (i.e.
> datanode.host, datanode.port) are not prescriptive.
> Note: jQuery appears to add an '_' query param as a workaround to an IE
> caching issue. Should probably pick something else. An alternate proposal is
> to encrypt the entire query string as suggested here
> http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
