FAQ
Better safety of killing jobs via web interface
-----------------------------------------------

Key: HADOOP-3342
URL: https://issues.apache.org/jira/browse/HADOOP-3342
Project: Hadoop Core
Issue Type: Improvement
Affects Versions: 0.16.3
Reporter: Daniel Naber
Priority: Minor
Attachments: kill-job.diff

Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Search Discussions

  • Daniel Naber (JIRA) at May 3, 2008 at 10:38 am
    [ https://issues.apache.org/jira/browse/HADOOP-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Daniel Naber updated HADOOP-3342:
    ---------------------------------

    Attachment: kill-job.diff
    Better safety of killing jobs via web interface
    -----------------------------------------------

    Key: HADOOP-3342
    URL: https://issues.apache.org/jira/browse/HADOOP-3342
    Project: Hadoop Core
    Issue Type: Improvement
    Affects Versions: 0.16.3
    Reporter: Daniel Naber
    Priority: Minor
    Attachments: kill-job.diff


    Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.
    --
    This message is automatically generated by JIRA.
    -
    You can reply to this email to add a comment to the issue online.
  • Otis Gospodnetic (JIRA) at May 4, 2008 at 2:44 am
    [ https://issues.apache.org/jira/browse/HADOOP-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12594052#action_12594052 ]

    Otis Gospodnetic commented on HADOOP-3342:
    ------------------------------------------

    Another option might be a tiny little bit of javascript called from onclick:

    function onKillClick(jobID) {
    return confirm('Really kill Job ' + jobID + ' ?');
    }

    Better safety of killing jobs via web interface
    -----------------------------------------------

    Key: HADOOP-3342
    URL: https://issues.apache.org/jira/browse/HADOOP-3342
    Project: Hadoop Core
    Issue Type: Improvement
    Affects Versions: 0.16.3
    Reporter: Daniel Naber
    Priority: Minor
    Attachments: kill-job.diff


    Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.
    --
    This message is automatically generated by JIRA.
    -
    You can reply to this email to add a comment to the issue online.
  • Enis Soztutar (JIRA) at May 5, 2008 at 11:44 pm
    [ https://issues.apache.org/jira/browse/HADOOP-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12594401#action_12594401 ]

    Enis Soztutar commented on HADOOP-3342:
    ---------------------------------------

    As far as I remember killing job is already a two step process, when we click kill job, the page is reloaded to confirm the killing action. I'm OK with the POST check.
    Better safety of killing jobs via web interface
    -----------------------------------------------

    Key: HADOOP-3342
    URL: https://issues.apache.org/jira/browse/HADOOP-3342
    Project: Hadoop Core
    Issue Type: Improvement
    Affects Versions: 0.16.3
    Reporter: Daniel Naber
    Priority: Minor
    Attachments: kill-job.diff


    Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.
    --
    This message is automatically generated by JIRA.
    -
    You can reply to this email to add a comment to the issue online.
  • Robert Chansler (JIRA) at Aug 8, 2008 at 6:14 pm
    [ https://issues.apache.org/jira/browse/HADOOP-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Robert Chansler updated HADOOP-3342:
    ------------------------------------

    Component/s: dfs
    Better safety of killing jobs via web interface
    -----------------------------------------------

    Key: HADOOP-3342
    URL: https://issues.apache.org/jira/browse/HADOOP-3342
    Project: Hadoop Core
    Issue Type: Improvement
    Components: dfs
    Affects Versions: 0.16.3
    Reporter: Daniel Naber
    Priority: Minor
    Attachments: kill-job.diff


    Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.
    --
    This message is automatically generated by JIRA.
    -
    You can reply to this email to add a comment to the issue online.
  • Enis Soztutar (JIRA) at Aug 15, 2008 at 10:12 am
    [ https://issues.apache.org/jira/browse/HADOOP-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Enis Soztutar updated HADOOP-3342:
    ----------------------------------

    Attachment: Hadoop-3342.patch

    Updated Daniel's patch to also submit post requests for killing task / chaging job priority.
    Patch tested manually.

    Better safety of killing jobs via web interface
    -----------------------------------------------

    Key: HADOOP-3342
    URL: https://issues.apache.org/jira/browse/HADOOP-3342
    Project: Hadoop Core
    Issue Type: Improvement
    Components: dfs
    Affects Versions: 0.16.3
    Reporter: Daniel Naber
    Priority: Minor
    Attachments: Hadoop-3342.patch, kill-job.diff


    Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.
    --
    This message is automatically generated by JIRA.
    -
    You can reply to this email to add a comment to the issue online.
  • Enis Soztutar (JIRA) at Aug 15, 2008 at 10:14 am
    [ https://issues.apache.org/jira/browse/HADOOP-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Enis Soztutar updated HADOOP-3342:
    ----------------------------------

    Component/s: (was: dfs)
    mapred
    Better safety of killing jobs via web interface
    -----------------------------------------------

    Key: HADOOP-3342
    URL: https://issues.apache.org/jira/browse/HADOOP-3342
    Project: Hadoop Core
    Issue Type: Improvement
    Components: mapred
    Affects Versions: 0.19.0
    Reporter: Daniel Naber
    Priority: Minor
    Fix For: 0.19.0

    Attachments: Hadoop-3342.patch, kill-job.diff


    Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.
    --
    This message is automatically generated by JIRA.
    -
    You can reply to this email to add a comment to the issue online.
  • Enis Soztutar (JIRA) at Aug 15, 2008 at 10:14 am
    [ https://issues.apache.org/jira/browse/HADOOP-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Enis Soztutar updated HADOOP-3342:
    ----------------------------------

    Fix Version/s: 0.19.0
    Affects Version/s: (was: 0.16.3)
    0.19.0
    Status: Patch Available (was: Open)
    Better safety of killing jobs via web interface
    -----------------------------------------------

    Key: HADOOP-3342
    URL: https://issues.apache.org/jira/browse/HADOOP-3342
    Project: Hadoop Core
    Issue Type: Improvement
    Components: mapred
    Affects Versions: 0.19.0
    Reporter: Daniel Naber
    Priority: Minor
    Fix For: 0.19.0

    Attachments: Hadoop-3342.patch, kill-job.diff


    Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.
    --
    This message is automatically generated by JIRA.
    -
    You can reply to this email to add a comment to the issue online.
  • Owen O'Malley (JIRA) at Aug 28, 2008 at 9:24 pm
    [ https://issues.apache.org/jira/browse/HADOOP-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Owen O'Malley updated HADOOP-3342:
    ----------------------------------

    Resolution: Fixed
    Assignee: Enis Soztutar
    Hadoop Flags: [Reviewed]
    Status: Resolved (was: Patch Available)

    I just committed this. Thanks, Daniel and Enis!
    Better safety of killing jobs via web interface
    -----------------------------------------------

    Key: HADOOP-3342
    URL: https://issues.apache.org/jira/browse/HADOOP-3342
    Project: Hadoop Core
    Issue Type: Improvement
    Components: mapred
    Affects Versions: 0.19.0
    Reporter: Daniel Naber
    Assignee: Enis Soztutar
    Priority: Minor
    Fix For: 0.19.0

    Attachments: Hadoop-3342.patch, kill-job.diff


    Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.
    --
    This message is automatically generated by JIRA.
    -
    You can reply to this email to add a comment to the issue online.
  • Hudson (JIRA) at Sep 1, 2008 at 3:47 pm
    [ https://issues.apache.org/jira/browse/HADOOP-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12627483#action_12627483 ]

    Hudson commented on HADOOP-3342:
    --------------------------------

    Integrated in Hadoop-trunk #589 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-trunk/589/])
    Better safety of killing jobs via web interface
    -----------------------------------------------

    Key: HADOOP-3342
    URL: https://issues.apache.org/jira/browse/HADOOP-3342
    Project: Hadoop Core
    Issue Type: Improvement
    Components: mapred
    Affects Versions: 0.19.0
    Reporter: Daniel Naber
    Assignee: Enis Soztutar
    Priority: Minor
    Fix For: 0.19.0

    Attachments: Hadoop-3342.patch, kill-job.diff


    Although the option to kill jobs via the web interface is turned off by default, it should be made safer. Currently the "kill" action and its confirmation is just a link so it could be triggered by a crawler or by a browser's pre-fetching mechanism. The attached patch makes it work only with "POST" so that e.g. well-behaved crawlers shouldn't be able to access it.
    --
    This message is automatically generated by JIRA.
    -
    You can reply to this email to add a comment to the issue online.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcommon-dev @
categorieshadoop
postedMay 3, '08 at 10:38a
activeSep 1, '08 at 3:47p
posts10
users1
websitehadoop.apache.org...
irc#hadoop

1 user in discussion

Hudson (JIRA): 10 posts

People

Translate

site design / logo © 2022 Grokbase