[
https://issues.apache.org/jira/browse/HDFS-6310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13987722#comment-13987722
]
Daryn Sharp commented on HDFS-6310:
-----------------------------------
bq. As long as the key is out this should be fine. What I don't want is that an
attacker can print out the token using oiv and then use the token directly,
which might give an attacker a handy way to attack the system.
If the attacker has access to the image, it's already game over whether oiv
accurately dumps the image or not. They can extract the tokens and keys in
other ways so why impede legitimate debugging?
bq. I guess we might need to clarify what compatibility means in this context.
My incompatible concern isn't strictly related to this jira so we probably
shouldn't debate it here. Just an explanation: It's a general concern that
any existing tools built around the output are being broken. Perhaps this is
fine for a major release, but within minor releases I'm not so sure.
Examples: Is the official documentation for using pig still valid? Does
twitter's tool still work?
http://hadoop.apache.org/docs/r2.4.0/hadoop-project-dist/hadoop-hdfs/HdfsImageViewer.html
https://github.com/twitter/hdfs-du
> PBImageXmlWriter should output information about Delegation Tokens
> ------------------------------------------------------------------
>
> Key: HDFS-6310
> URL: https://issues.apache.org/jira/browse/HDFS-6310
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: tools
> Affects Versions: 2.4.0
> Reporter: Akira AJISAKA
> Assignee: Akira AJISAKA
> Attachments: HDFS-6310.patch
>
>
> Separated from HDFS-6293.
> The 2.4.0 pb-fsimage does contain tokens, but OfflineImageViewer with -XML
> option does not show any tokens.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
