From: "Shaofeng SHI (JIRA)"
To: issues@kylin.apache.org
Date: Tue, 5 Dec 2017 08:25:00 +0000 (UTC)
Subject: [jira] [Commented] (KYLIN-1664) rest api '/kylin/api/admin/config' without security check


    [ https://issues.apache.org/jira/browse/KYLIN-1664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16278184#comment-16278184 ]

Shaofeng SHI commented on KYLIN-1664:
-------------------------------------

This API will be restricted from public access; only an administrator can request it. A CLI like CubeMigrationCLI should use the following URI to represent a Kylin service:
admin:password@host:7070
instead of the previous "host:7070"

> rest api '/kylin/api/admin/config' without security check
> ---------------------------------------------------------
>
>                 Key: KYLIN-1664
>                 URL: https://issues.apache.org/jira/browse/KYLIN-1664
>             Project: Kylin
>          Issue Type: Bug
>          Components: REST Service
>    Affects Versions: v1.5.1
>         Environment: Ubuntu 14.4
> Jdk 1.7.0
> Kylin 1.5.1 binary
>            Reporter: Hanhui LI
>            Assignee: Shaofeng SHI
>              Labels: test
>             Fix For: v2.3.0
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> rest api '/kylin/api/admin/config' without security check.
> Please check the following:
> ===========================================
> GET Request:
> http://127.0.0.1:7070/kylin/api/admin/config
> Response:
> {"config":"kylin.hbase.region.cut.large=50\nkylin.hbase.default.compression.codec=snappy\ndeploy.env=QA\nacl.adminRole=ROLE_ADMIN\nkylin.sandbox=true\nkylin.hdfs.working.dir=/kylin\nldap.user.searchBase=\nkylin.job.concurrent.max.limit=10\nkylin.job.remote.cli.password=\nsaml.metadata.file=classpath:sso_metadata.xml\nkylin.job.yarn.app.rest.check.interval.seconds=10\nmail.sender=\nmail.password=\nkylin.job.remote.cli.username=\nmail.username=\nsaml.context.serverPort=443\nkylin.web.help.length=4\nkylin.job.run.as.remote.cmd=false\nldap.service.searchPattern=\nkylin.web.contact_mail=\nldap.user.groupSearchBase=\nkylin.hbase.region.cut.small=5\nkylin.web.hive.limit=20\nkylin.job.mapreduce.default.reduce.input.mb=500\nkylin.job.hive.database.for.intermediatetable=default\nkylin.metadata.url=kylin_metadata@hbase\nldap.password=\nldap.username=\nkylin.storage.url=hbase\nganglia.port=8664\nldap.user.searchPattern=\nkylin.job.status.with.kerberos=false\nganglia.group=\nkylin.hbase.cluster.fs=\nacl.defaultRole=ROLE_ANALYST,ROLE_MODELER\nsaml.context.contextPath=/kylin\nmail.host=\nkylin.job.remote.cli.working.dir=/tmp/kylin\nkylin.web.diagnostic=\nsaml.context.scheme=https\nkylin.job.cubing.inmem.sampling.percent=100\nldap.service.groupSearchBase=\nsaml.metadata.entityBaseURL=https://hostname/kylin\nkylin.hbase.hfile.size.gb=5\nldap.service.searchBase=\nkylin.owner=whoami@kylin.apache.org\nmail.enabled=false\nkylin.rest.servers=localhost:7070\nkylin.security.profile=testing\nkylin.job.retry=0\nsaml.context.serverName=hostname\nldap.server=ldap://ldap_server:389\nkylin.job.remote.cli.hostname=\nkylin.query.security.enabled=true\nkylin.server.mode=all\nkylin.web.help.3=onboard|Cube Design Tutorial|\nkylin.web.help.2=tableau|Tableau Guide|\nkylin.web.help.1=odbc|ODBC Driver|\nkylin.hbase.region.cut.medium=10\nkylin.web.help.0=start|Getting Started|\nkylin.web.hadoop=\nkylin.web.streaming.guide=http://kylin.apache.org/\n"}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
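
The following Python example is added here and is not part of the original message or of Kylin's code. It parses both service-URI forms mentioned in the comment, builds the headers a client would send to the restricted endpoint, and checks an anonymous response for credential-style keys. HTTP Basic authentication, the function names, `SECRET_HINTS` and the sample body are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import unquote, urlsplit

ADMIN_CONFIG_PATH = "/kylin/api/admin/config"   # endpoint named in KYLIN-1664
SECRET_HINTS = ("password", "secret", "token")  # assumption: marks credential keys

# Constructed sample: a few keys taken from the reported response, not a live capture.
SAMPLE_BODY = json.dumps({"config": "kylin.rest.servers=localhost:7070\n"
                                    "ldap.password=\nmail.password=\n"
                                    "kylin.security.profile=testing\n"})


def parse_service_uri(uri):
    """Split '[user:password@]host:port'; user and password are None for the
    old credential-less 'host:port' form."""
    parts = urlsplit("//" + uri)  # leading '//' makes urlsplit read a netloc
    if not parts.hostname or parts.port is None:
        raise ValueError("expected [user:password@]host:port, got %r" % uri)
    user = None if parts.username is None else unquote(parts.username)
    password = None if parts.password is None else unquote(parts.password)
    return parts.hostname, parts.port, user, password


def auth_headers(uri):
    """Headers for a GET to ADMIN_CONFIG_PATH (assumes HTTP Basic auth)."""
    _, _, user, password = parse_service_uri(uri)
    if user is None or password is None:
        return {}  # old form: the request goes out anonymous
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return {"Authorization": "Basic " + token.decode("ascii")}


def leaked_credential_keys(status, body):
    """Credential-style keys disclosed by an anonymous GET; [] when the
    endpoint refused the request (401/403) or returned no config."""
    if status in (401, 403):
        return []
    try:
        config = str(json.loads(body)["config"])
    except (ValueError, KeyError, TypeError):
        return []
    keys = (line.split("=", 1)[0] for line in config.splitlines() if "=" in line)
    return sorted(k for k in keys if any(h in k.lower() for h in SECRET_HINTS))
```

A service URI that embeds the password is visible in process listings and shell history when passed as a command-line argument, so it is worth checking how the CLI is invoked on shared hosts.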