You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/01/02 18:55:00 UTC
[jira] [Commented] (AIRFLOW-6349) security - api should deny access
by default
[ https://issues.apache.org/jira/browse/AIRFLOW-6349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007006#comment-17007006 ]
ASF GitHub Bot commented on AIRFLOW-6349:
-----------------------------------------
tooptoop4 commented on pull request #6907: [AIRFLOW-6349] - secure api and cookie by default
URL: https://github.com/apache/airflow/pull/6907
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
> security - api should deny access by default
> --------------------------------------------
>
> Key: AIRFLOW-6349
> URL: https://issues.apache.org/jira/browse/AIRFLOW-6349
> Project: Apache Airflow
> Issue Type: Bug
> Components: api
> Affects Versions: 1.10.3
> Reporter: t oo
> Assignee: t oo
> Priority: Major
>
> below should be 'airflow.api.auth.backend.deny_all' by default:
> |[api]|
> | # How to authenticate users of the API|
> |auth_backend = airflow.api.auth.backend.default|
> otherwise anyone can trigger dags - this is too loose, as not everyone can login to web ui by default
> cookie_secure should also be True by default
--
This message was sent by Atlassian Jira
(v8.3.4#803005)