airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "xifeng (Jira)" <j...@apache.org>
Subject [jira] [Commented] (AIRFLOW-4176) [security] webui shows password - admin/log/?flt1_extra_contains=conn_password
Date Wed, 11 Dec 2019 10:05:00 GMT

    [ https://issues.apache.org/jira/browse/AIRFLOW-4176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16993385#comment-16993385
] 

xifeng commented on AIRFLOW-4176:
---------------------------------

yes I saw, is there a  more simple version of the command?  more convenient to test. thanks.

> [security] webui shows password - admin/log/?flt1_extra_contains=conn_password
> ------------------------------------------------------------------------------
>
>                 Key: AIRFLOW-4176
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4176
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security, ui
>    Affects Versions: 1.10.2
>            Reporter: t oo
>            Priority: Blocker
>             Fix For: 2.0.0
>
>         Attachments: airf.png
>
>
> First setup hivecli connection:
> source /home/ec2-user/venv/bin/activate; airflow connections -a --conn_id query_hive
--conn_type hive_cli --conn_host domainhere --conn_port 10000 --conn_schema default --conn_extra
"\{\"use_beeline\":\"true\", \"ssl-options\":\"ssl=true;sslTrustStore=path-${RUNTIME_ENV}.jks;trustStorePassword=${QUERY_JKS_PASW}\"}"
--conn_login ${QUERY_HIVE_USER} --conn_password ${QUERY_HIVE_PASW}
>  
> On the webui navigate to domain/admin/log/?flt1_extra_contains=conn_password
> and you will be able to see cleartext user and password!
> see attachment



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message