airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AIRFLOW-3164) verify certificate of LDAP server
Date Tue, 27 Nov 2018 20:12:00 GMT

    [ https://issues.apache.org/jira/browse/AIRFLOW-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16700940#comment-16700940
] 

Bolke de Bruin commented on AIRFLOW-3164:
-----------------------------------------

Because the user in this respect can't really be trusted. We have already had reports of people
leaving their Airflow installations wide open.

We give you the choice by implementing your own auth backend but then you are really on your
own.

On your note on FAB's usage in Airflow.  FAB still supports non TLS indeed, but we should
maybe consider suggesting a patch that disables it. You have plenty of time to test it without
being required to use it and you are not required to upgrade if you don't want. We just don't
want to maintain two UIs side by side.

 

Long story short: enable TLS on your LDAP server it is not hard to do and it is best practice.
There is no reason not to.

> verify certificate of LDAP server
> ---------------------------------
>
>                 Key: AIRFLOW-3164
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3164
>             Project: Apache Airflow
>          Issue Type: Bug
>            Reporter: Bolke de Bruin
>            Priority: Blocker
>             Fix For: 1.10.1
>
>
> Currently we dont verify the certificate of the Ldap server this can lead to security
incidents.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message