> On April 13, 2016, 4:30 a.m., Lenni Kuff wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java, > > line 57 > > <https://reviews.apache.org/r/45859/diff/1/?file=1329281#file1329281line57> > > > > We shouldn't get in the business of validating passwords within Sentry, > > especially in plaintext. > > It is probably better to use something like .htaccess / .htpasswd, > > however that hooks into Jetty. That way we can do the authentication using > > certificates rather than this type of check. Perhaps this is actually a > > seperate item from just listing roles - we want to instead add basic ACL > > support (Admin-only) to the debug webpage.
Yes, the listing roles feature need at least some basic ACL support. I will create a jira about adding basic ACL support for Admin-only to the debug webpage. > On April 13, 2016, 4:30 a.m., Lenni Kuff wrote: > > sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html, line > > 65 > > <https://reviews.apache.org/r/45859/diff/1/?file=1329284#file1329284line65> > > > > Is it bad the password is cleartext? Thanks for pointing it out! I will update it in the next patch. - Li ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/45859/#review128608 ----------------------------------------------------------- On April 7, 2016, 3:57 a.m., Li Li wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/45859/ > ----------------------------------------------------------- > > (Updated April 7, 2016, 3:57 a.m.) > > > Review request for sentry, Anne Yu, Hao Hao, Lenni Kuff, and Sravya > Tirukkovalur. > > > Repository: sentry > > > Description > ------- > > Show role / privileges info in Sentry Service Webpage > > > Diffs > ----- > > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/AdminServlet.java > PRE-CREATION > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java > 1bdea2c55de12a999f94ea33f8709311c7c2c7f2 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java > 94bd2a95c77a9691cbaa578ebf417e49c339b7ed > sentry-provider/sentry-provider-db/src/main/webapp/SentryService.html > ee112ce8d39626784d5d73ef0a4c28f43e7c4f1f > > Diff: https://reviews.apache.org/r/45859/diff/ > > > Testing > ------- > > > Thanks, > > Li Li > >
