[jira] [Created] (YARN-5076) YARN web interfaces lack XFS protection

Jonathan Maron (JIRA) Thu, 12 May 2016 07:03:41 -0700

Jonathan Maron created YARN-5076:
------------------------------------

             Summary: YARN web interfaces lack XFS protection
                 Key: YARN-5076
                 URL: https://issues.apache.org/jira/browse/YARN-5076
             Project: Hadoop YARN
          Issue Type: Bug
          Components: nodemanager, resourcemanager, timelineserver
            Reporter: Jonathan Maron
            Assignee: Jonathan Maron



There are web interfaces in YARN that do not provide protection against cross 
frame scripting 
(https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet).  
HADOOP-13008 provides a common filter for addressing this vulnerability, so 
this filter should be integrated into the YARN web interfaces.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org

[jira] [Created] (YARN-5076) YARN web interfaces lack XFS protection

Reply via email to