[ https://issues.apache.org/jira/browse/HDFS-6310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13987722#comment-13987722 ]
Daryn Sharp commented on HDFS-6310: ----------------------------------- bq. As long as the key is out this should be fine. What I don't want is that an attacker can print out the token using oiv and then use the token directly, which might give an attacker a handy way to attack the system. If the attacker has access to the image, it's already game over whether oiv accurately dumps the image or not. They can extract the tokens and keys in other ways so why impede legitimate debugging? bq. I guess we might need to clarify what compatibility means in this context. My incompatible concern isn't strictly related to this jira so we probably shouldn't debate it here. Just an explanation: It's a general concern that any existing tools built around the output are being broken. Perhaps this is fine for a major release, but within minor releases I'm not so sure. Examples: Is the official documentation for using pig still valid? Does twitter's tool still work? http://hadoop.apache.org/docs/r2.4.0/hadoop-project-dist/hadoop-hdfs/HdfsImageViewer.html https://github.com/twitter/hdfs-du > PBImageXmlWriter should output information about Delegation Tokens > ------------------------------------------------------------------ > > Key: HDFS-6310 > URL: https://issues.apache.org/jira/browse/HDFS-6310 > Project: Hadoop HDFS > Issue Type: Bug > Components: tools > Affects Versions: 2.4.0 > Reporter: Akira AJISAKA > Assignee: Akira AJISAKA > Attachments: HDFS-6310.patch > > > Separated from HDFS-6293. > The 2.4.0 pb-fsimage does contain tokens, but OfflineImageViewer with -XML > option does not show any tokens. -- This message was sent by Atlassian JIRA (v6.2#6252)