Hi, I was reading some parts of the code and found an undocumented endpoint As I don't see any validation or else, does that mean that any user A can ask for the credentials of a user B, and
Does that mean that this endpoint shouldn't be directly accessible by users? Like endpoint Thanks
@azro352 you can find more details for the change here https://issues.apache.org/jira/browse/HDDS-8050
@ChenSammi is correct, validation is present within the OM, not on the S3 gateway. I'm currently closing this discussion since security should be discussed on [email protected] per this repository (and the ASF's) security policy.
The ozone administrator or same user validation is checked at server side (OM), not client side (s3 gateway)
https://github.com/apache/ozone/blob/master/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/security/S3SecretRequestHelper.java#L68