[jira] [Updated] (HBASE-19741) Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server

Sean Busbey (JIRA) Mon, 05 Aug 2019 12:15:07 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-19741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sean Busbey updated HBASE-19741:
--------------------------------
    Component/s: Thrift
                 security

> Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server
> --------------------------------------------------------------------
>
>                 Key: HBASE-19741
>                 URL: https://issues.apache.org/jira/browse/HBASE-19741
>             Project: HBase
>          Issue Type: Bug
>          Components: security, Thrift
>            Reporter: Esteban Gutierrez
>            Priority: Minor
>
> Our thrift server is prone to the same CSRF issue described in HBASE-15187. 
> Even it only affects browsers it triggers a positive match in some 
> venerability scanners even there is no real impact. We should correct our 
> headers in the HBase Thrift server to avoid that problem.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

[jira] [Updated] (HBASE-19741) Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server

Reply via email to