ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeffrey E Rodriguez (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-10777) Security exposure - Quicklinks to Web UI exposes cluster servers
Date Mon, 27 Apr 2015 21:27:39 GMT
Jeffrey E  Rodriguez created AMBARI-10777:
---------------------------------------------

             Summary: Security exposure - Quicklinks to Web UI exposes cluster servers
                 Key: AMBARI-10777
                 URL: https://issues.apache.org/jira/browse/AMBARI-10777
             Project: Ambari
          Issue Type: Improvement
          Components: security
    Affects Versions: 1.7.0, 2.0.0, 2.2.0, Ambari-2.1
         Environment: All
            Reporter: Jeffrey E  Rodriguez


Ambari Security exposure - 
"Quick Links"  Ambari allow Ambari users to access servers inside of users cluster. e.g. Click
oozie Web UI, if installed, you get redirected to Ooozie UI server. Worse yet, if not SSL
set up that is a gapping security hole.

Since Knox is a component of Ambari then it makes sense to set the Quickreferences as a proxified
links.

This could work as follows:

+ If Knox is installed, the current topology may be picked and the proxified links could be
derived from the Knox gateway configuration.
The URL variable can then be set to  the proxy URLs.
+  If Knox is not installed then  we use the default non proxy URL variables.

In the example of Oozie, if you put the Oozie Knox through a proxy and put the proxified link
that would be accessed through Knox securely and outsiders to the cluster would not gain information
about the inside of the cluster.
Also We need to think about customers who may want to set a firewall, how would customer access
User Interfaces services in  a cluster managed by Ambari



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message