----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/64002/#review191759 -----------------------------------------------------------
Ship it! Ship It! - Alexander Kolbasov On Nov. 22, 2017, 3:19 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/64002/ > ----------------------------------------------------------- > > (Updated Nov. 22, 2017, 3:19 p.m.) > > > Review request for sentry. > > > Bugs: sentry-2068 > https://issues.apache.org/jira/browse/sentry-2068 > > > Repository: sentry > > > Description > ------- > > Disables the HTTP TRACE method by wrapping a constraint that requires > authentication when calling such method. > > See more info here: > http://www.imlc.me/why-we-need-to-disable-trace-method-and-how-to-disable-trace-in-embedded-jetty.html > https://www.owasp.org/index.php/Cross_Site_Tracing > https://reformatcode.com/code/http/java-embedded-jetty-is-accepting-http-trace-method > > > Diffs > ----- > > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java > 95b87add5814cc3c0851ca73ca6503306b840594 > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java > 09ee6b4493611c055dd7e96ab8a0b747fd4eb25b > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithSSL.java > d1d0b4be578ca9b4148a81073a21639cd8688156 > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java > 4a913e5189fa0aea7fb1770eb9f3e8e991289a50 > > > Diff: https://reviews.apache.org/r/64002/diff/2/ > > > Testing > ------- > > > Thanks, > > Sergio Pena > >
