[
https://issues.apache.org/jira/browse/HDFS-5661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13848048#comment-13848048
]
Haohui Mai commented on HDFS-5661:
----------------------------------
The only way to access the data on a secure DN is to present a valid delegation
token. The HTTP auth tokens do not contain the DT, presenting the HTTP auth
tokens to the DN does not grant you the access, thus it makes no sense to pass
them around.
Regardless of what UI you're using, the NN fetches the DT on the behalf of the
client, and the client presents this DT to authenticate with DN. This should
the only way you can access the data.
If you happen to get the data in your approach, this is a security hole and
please file a jira to track it.
Again, I'll encourage you to check out the new web UI. It accesses the data
through WebHDFS which is much more robust.
> Browsing FileSystem via web ui, should use datanode's hostname instead of ip
> address
> ------------------------------------------------------------------------------------
>
> Key: HDFS-5661
> URL: https://issues.apache.org/jira/browse/HDFS-5661
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 2.2.0
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HDFS-5661.patch
>
>
> If authentication is enabled on the web ui, then a cookie is used to keep
> track of the authentication information. There is normally a domain
> associated with the cookie. Since ip address doesn't have any domain , the
> cookie will not be sent by the browser while making http calls with ip
> address as the destination server.
> This will break browsing files system via web ui , if authentication is
> enabled.
> Browsing FileSystem via web ui, should use datanode's hostname instead of ip
> address.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
