You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "t oo (Jira)" <ji...@apache.org> on 2020/01/02 18:56:00 UTC
[jira] [Closed] (AIRFLOW-6349) security - api should deny access by
default
[ https://issues.apache.org/jira/browse/AIRFLOW-6349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
t oo closed AIRFLOW-6349.
-------------------------
Resolution: Duplicate
> security - api should deny access by default
> --------------------------------------------
>
> Key: AIRFLOW-6349
> URL: https://issues.apache.org/jira/browse/AIRFLOW-6349
> Project: Apache Airflow
> Issue Type: Bug
> Components: api
> Affects Versions: 1.10.3
> Reporter: t oo
> Assignee: t oo
> Priority: Major
>
> below should be 'airflow.api.auth.backend.deny_all' by default:
> |[api]|
> | # How to authenticate users of the API|
> |auth_backend = airflow.api.auth.backend.default|
> otherwise anyone can trigger dags - this is too loose, as not everyone can login to web ui by default
> cookie_secure should also be True by default
--
This message was sent by Atlassian Jira
(v8.3.4#803005)