[jira] [Commented] (HBASE-27811) Enable cache control for logs endpoint and set max age as 0

Mon, 19 Feb 2024 03:42:51 -0800 


    [ 
https://issues.apache.org/jira/browse/HBASE-27811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17818456#comment-17818456
 ] 

Hudson commented on HBASE-27811:
--------------------------------

Results for branch branch-2
        [build #991 on 
builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/991/]: 
(x) *{color:red}-1 overall{color}*
----
details (if available):

(x) {color:red}-1 general checks{color}
-- For more information [see general 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/991/General_20Nightly_20Build_20Report/]


(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/991/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]


(x) {color:red}-1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/991/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]


(x) {color:red}-1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/991/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]


(/) {color:green}+1 source release artifact{color}
-- See build output for details.


(x) {color:red}-1 client integration test{color}
--Failed when running client tests on top of Hadoop 3. [see log for 
details|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/991//artifact/output-integration/hadoop-3.log].
 (note that this means we didn't check the Hadoop 3 shaded client)


> Enable cache control for logs endpoint and set max age as 0
> -----------------------------------------------------------
>
>                 Key: HBASE-27811
>                 URL: https://issues.apache.org/jira/browse/HBASE-27811
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Yash Dodeja
>            Assignee: Yash Dodeja
>            Priority: Minor
>             Fix For: 3.0.0-alpha-4
>
>
> Not setting the proper header values may cause browsers to store pages within 
> their respective caches. On public, shared, or any other non-private 
> computers, a malicious person may search through the browser cache to locate 
> sensitive information cached during another user's session.
> /logs endpoint contains sensitive information that an attacker can exploit.
> Any page with sensitive information needs to have the following headers in 
> response:
> Cache-Control: no-cache, no-store, max-age=0
> Pragma: no-cache
> Expires: -1



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to