nifi-dev mailing list archives

From Edgardo Vega <edgardo.v...@gmail.com>
Subject Re: [GitHub] nifi pull request: NIFI-1578: Create PutSlack processor
Date Wed, 18 May 2016 18:47:31 GMT
Isn't the concern about the webhook URL handled by the fact that there is NiFi
security? If you don't trust people with the URL, you most certainly don't
trust them with access to the NiFi canvas. Considering that in Slack anyone on
the team can see the webhook URL, I think that the webhook is NOT sensitive.

On Wed, May 18, 2016 at 2:04 PM, adamonduty <git@git.apache.org> wrote:

> Github user adamonduty commented on the pull request:
>
>     https://github.com/apache/nifi/pull/256#issuecomment-220109946
>
>     @rstjohn I agree with @alopresto - the webhook is sensitive.
> Especially because the links and content posted on Slack are generally
> internal to teams and trusted, inadvertently exposing a webhook URL could
> leave teams open to phishing attacks. And possession of a webhook URL
> allows one to post to *any* public channel or direct message any user.
>
>     You have a great point about the validator - it should validate
> *after* the expression language has been applied to allow for use cases
> like you describe. I'm a bit on the fence on assuming a name without a `#`
> is a channel name though.
>
>     We could also expose the `attachments` section. Did you envision a
> property where you could supply a JSON array as described in Slack's
> documentation (https://api.slack.com/docs/attachments)? Or did you have
> another approach in mind?



-- 
Cheers,

Edgardo
