KIP-7 Security Improvements

  1. Make PBE Hashing, Iteration Count and Salt Configurable and Manageable (KNOX-944) DONE
  2. Make key sizes configurable for self-signed cert creation, etc.
  3. Ensure that HttpOnly and Secure flags are set on all cookies (KNOX-933) DONE
  4. Protect against LDAP Injection in the KnoxLdapRealm
  5. Ensure that the above improvements are backward compatible with deployed Knox instances
  6. Ensure that the above configurable items can be configured prior to first start and the use of defaults (as in Ambari)
  7. SSOCookieProvider to be configurable for signature verification key/PEM (KNOX-947) DONE

2. Identity Broker APIs (KNOX-929)