Hadoop-2.2.0 Chinese document--web application Agent

Web application proxy is part of yarn. By default, it runs as part of the Resource Manager (RM), but it can also be configured as a standalone run mode. The reason for using proxies is to reduce the likelihood of web attacks through yarn.

In yarn, application Master (AM) is responsible for providing the Web interface and sending the link to RM. This opens the door to a number of possible problems. When RM is running as a trusted user, the user who accesses that Web address is considered trustworthy, and the link it provides is considered trustworthy, but when it is actually run as an untrusted user, the link to RM may point to any malicious address. Web application proxy mitigates the risk by alerting users that they are connecting to an untrusted application that does not belong to them.

Additionally, this agent also tries to reduce the impact of a malicious am on a user that can have one. It will first detach the cookie from the user and replace it with the name of a logged-in user as a standalone cookie. This is because most web-based authentication systems authenticate users based on cookies. By providing this cookie to an untrusted application, it is getting results for some (?) provides the possibility. If a cookie is properly designed, it should be quite small, but it only reduces the likelihood of an attack. The current proxy implementation has nothing to do with whether to block am by providing a link to a malicious site, or to block JavaScript code from running. In fact, JavaScript can be used to obtain cookies, so the cookie obtained from the request at this time has minimal effect.

In the future, we want to deal with the above attack virus, making it more secure to access the Web interface of AM.