You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2018/05/17 16:58:00 UTC

[jira] [Created] (NIFI-5209) Remove toolkit migration without password functionality

Andy LoPresto created NIFI-5209:
-----------------------------------

             Summary: Remove toolkit migration without password functionality
                 Key: NIFI-5209
                 URL: https://issues.apache.org/jira/browse/NIFI-5209
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Tools and Build
    Affects Versions: 1.7.0
            Reporter: Andy LoPresto
            Assignee: Andy LoPresto


In NIFI-4942, new functionality was added to allow Ambari clients to perform the encrypted configuration migration without providing the original password or key by using a secure hash of the original credential to demonstrate knowledge of that value. The Ambari team found another way on their end to perform this action, and rather than allow the {{./secure_hash.key}} behavior to be released and then removed at a later time, complicating our security posture and potentially creating difficult support cases, it is better to remove it completely before the 1.7.0 release. 

However, it is not as simple as just backing out a few commits, as necessary refactoring of the tool code also occurred at that time. I will remove this feature while maintaining the improvements made to the toolkit. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)