> On Jan. 21, 2016, 9:46 a.m., Jarek Cecho wrote:
> > Thanks for the patch Colin!
> >
> > I was thinking about the approach and I have a small concern, so I wanted
> > to run it by you (and the rest of the community). When I look at Hadoop and
> > other components, the "debug" interface runs as simple HTTP page(s) on
> > completely different ports. E.g. the thread dump and other debug pages are
> > not part of the normal public APIs. I believe that this is because
> > exposing the debug info on a separate interface makes it easy to disable
> > access to it (on a firewall or even in the component's own configuration). I'm
> > concerned that by offering the debug info as part of our main REST
> > interface we might be opening a security hole when users start to be
> > concerned about leaking sensitive information. We could possibly solve that
> > problem by using our authorization model to protect those calls, but I'm
> > not sure if it's necessary. What do you think?

Good catch, it's very important to add authorization for the debug info. I'll update the patch for that.

- Colin

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42446/#review115601
-----------------------------------------------------------

On Jan. 20, 2016, 3:18 a.m., Colin Ma wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42446/
> -----------------------------------------------------------
>
> (Updated Jan. 20, 2016, 3:18 a.m.)
>
>
> Review request for Sqoop.
>
>
> Repository: sqoop-sqoop2
>
>
> Description
> -------
>
> Add web interface for thread dump, user can get the information from the
> shell.
>
>
> Diffs
> -----
>
>   client/src/main/java/org/apache/sqoop/client/SqoopClient.java 1cf549e
>   client/src/main/java/org/apache/sqoop/client/request/SqoopResourceRequests.java 33c90a8
>   client/src/main/java/org/apache/sqoop/client/request/ThreadDumpResourceRequest.java PRE-CREATION
>   common/pom.xml 7237608
>   common/src/main/java/org/apache/sqoop/json/ThreadDumpBean.java PRE-CREATION
>   server/src/main/java/org/apache/sqoop/handler/ThreadDumpRequestHandler.java PRE-CREATION
>   server/src/main/java/org/apache/sqoop/server/SqoopJettyServer.java 2c4cb7a
>   server/src/main/java/org/apache/sqoop/server/ThreadDumpServlet.java PRE-CREATION
>   shell/src/main/java/org/apache/sqoop/shell/ShowCommand.java eb8522a
>   shell/src/main/java/org/apache/sqoop/shell/ShowThreadDumpFunction.java PRE-CREATION
>   shell/src/main/java/org/apache/sqoop/shell/core/Constants.java 9c57a2e
>   test/src/test/java/org/apache/sqoop/integration/shell/ShowCommandTest.java 9fd4811
>
> Diff: https://reviews.apache.org/r/42446/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Colin Ma
>