[jira] [Commented] (HDFS-3801) Provide a way to disable browsing of files from the web UI

[Andy Isaacson (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HDFS-3801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13509374#comment-13509374
 ] 

Andy Isaacson commented on HDFS-3801:
-------------------------------------

bq. There's been a general need to disable UI access

With current Hadoop, without Kerberos, the only practical way to prevent 
unauthorized access is to firewall or otherwise prevent untrusted clients from 
connecting to the HTTP port of the NN and DN.  Once a client app can connect to 
the DN+NN HTTP ports of a non-Kerberos Hadoop cluster, the client has full 
access to the cluster, as demonstrated by the filesystem browsing feature.

As far as I can see, this patch tries to hide that security configuration 
problem by making it slightly less visible that the cluster is wide open.

I think this is the wrong direction for us to be going, unless there's a 
credible plan for making such a "minimum security" mode into a real feature 
that covers all the bases.  Such a mode could be quite useful as a 
less-invasive substitute for the existing Kerberos security, but it's a pretty 
large undertaking.

(For example -- and this is just a 30 second strawman sketch -- there could be 
a shared secret across all the Hadoop components that is sent with every 
request, to "authenticate" that the request comes from someone who knows the 
secret.)
                
> Provide a way to disable browsing of files from the web UI
> ----------------------------------------------------------
>
>                 Key: HDFS-3801
>                 URL: https://issues.apache.org/jira/browse/HDFS-3801
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: namenode
>    Affects Versions: 2.0.0-alpha
>            Reporter: Harsh J
>            Assignee: Harsh J
>            Priority: Minor
>         Attachments: HDFS-3801.patch
>
>
> A few times we've had requests from users who wish to disable browsing of the 
> filesystem in the web UI completely, while keeping other servlet 
> functionality enabled (such as fsck, etc.). Right now, the cheap way to do 
> this is by blocking out the DN web port (50075) from access by clients, but 
> that also hampers HFTP transfers.
> We should instead provide a toggle config for the JSPs to use and disallow 
> browsing if the toggle's enabled. The config can be true by default, to not 
> change the behavior.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira