[jira] [Commented] (HDFS-14234) Limit WebHDFS to specifc user, host, directory triples

Fri, 05 Apr 2019 14:07:50 -0700 


    [ 
https://issues.apache.org/jira/browse/HDFS-14234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16811253#comment-16811253
 ] 

Anu Engineer commented on HDFS-14234:
-------------------------------------

bq. should I write support for dfs.webhdsf.rest-csrf.enabled to still load the 
RestCsrfPreventionFilterHandler to preserve existing behavior and not allow one 
to pick where in the filter chain the CsrfPreventionFilter gets loaded?

I have not looked at the patch yet, but if we have a way of loading the csrf 
filter and during an upgrade it is not broken, I think we are good to go. The 
exact order does not matter for CSRF, IMHO.

> Limit WebHDFS to specifc user, host, directory triples
> ------------------------------------------------------
>
>                 Key: HDFS-14234
>                 URL: https://issues.apache.org/jira/browse/HDFS-14234
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: webhdfs
>            Reporter: Clay B.
>            Assignee: Clay B.
>            Priority: Trivial
>         Attachments: 
> 0001-HDFS-14234.-Limit-WebHDFS-to-specifc-user-host-direc.patch, 
> 0002-HDFS-14234.-Limit-WebHDFS-to-specifc-user-host-direc.patch, 
> 0003-HDFS-14234.-Limit-WebHDFS-to-specifc-user-host-direc.patch
>
>
> For those who have multiple network zones, it is useful to prevent certain 
> zones from downloading data from WebHDFS while still allowing uploads. This 
> can enable functionality of HDFS as a dropbox for data - data goes in but can 
> not be pulled back out. (Motivation further presented in [StrangeLoop 2018 Of 
> Data Dropboxes and Data 
> Gloveboxes|https://www.thestrangeloop.com/2018/of-data-dropboxes-and-data-gloveboxes.html]).
> Ideally, one could limit the datanodes from returning data via an 
> [{{OPEN}}|https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Open_and_Read_a_File]
>  but still allow things such as 
> [{{GETFILECHECKSUM}}|https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Get_File_Checksum]
>  and 
> {{[{{CREATE}}|https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Create_and_Write_to_a_File]}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to