ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Szabolcs Beki (Jira)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-25470) Strengthen Login Security
Date Fri, 20 Mar 2020 08:49:00 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-25470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17063190#comment-17063190
] 

Szabolcs Beki commented on AMBARI-25470:
----------------------------------------

There is a possibility to encrypt basic auth traffic, so normally it is not security risk.

 

This feature is not much needed.   

> Strengthen Login Security
> -------------------------
>
>                 Key: AMBARI-25470
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25470
>             Project: Ambari
>          Issue Type: Epic
>          Components: ambari-server, ambari-web
>            Reporter: Szabolcs Beki
>            Priority: Major
>              Labels: security
>
> Ambari UI uses basic authentication mechanism. The goal of this epic to investigate more
secure alternatives and implement one of it. Additionally, Ambari UI login currently uses
GET method as it request type. This has to be changed to post.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message