Review Request 64002: SENTRY-2068: Disable HTTP TRACE method from the Sentry Web Server

Sergio Pena via Review Board Tue, 21 Nov 2017 12:46:49 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64002/
-----------------------------------------------------------


Review request for sentry.


Bugs: sentry-2068
    https://issues.apache.org/jira/browse/sentry-2068


Repository: sentry


Description
-------

Disables the HTTP TRACE method by wrapping a constraint that requires 
authentication when calling such method.

See more info here:
http://www.imlc.me/why-we-need-to-disable-trace-method-and-how-to-disable-trace-in-embedded-jetty.html
https://www.owasp.org/index.php/Cross_Site_Tracing
https://reformatcode.com/code/http/java-embedded-jetty-is-accepting-http-trace-method


Diffs
-----

  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java
 95b87add5814cc3c0851ca73ca6503306b840594 


Diff: https://reviews.apache.org/r/64002/diff/1/


Testing
-------


Thanks,

Sergio Pena

Review Request 64002: SENTRY-2068: Disable HTTP TRACE method from the Sentry Web Server

Reply via email to