You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Jeffrey E Rodriguez (JIRA)" <ji...@apache.org> on 2015/04/27 23:27:39 UTC
[jira] [Created] (AMBARI-10777) Security exposure - Quicklinks to
Web UI exposes cluster servers
Jeffrey E Rodriguez created AMBARI-10777:
---------------------------------------------
Summary: Security exposure - Quicklinks to Web UI exposes cluster servers
Key: AMBARI-10777
URL: https://issues.apache.org/jira/browse/AMBARI-10777
Project: Ambari
Issue Type: Improvement
Components: security
Affects Versions: 1.7.0, 2.0.0, 2.2.0, Ambari-2.1
Environment: All
Reporter: Jeffrey E Rodriguez
Ambari Security exposure -
"Quick Links" Ambari allow Ambari users to access servers inside of users cluster. e.g. Click oozie Web UI, if installed, you get redirected to Ooozie UI server. Worse yet, if not SSL set up that is a gapping security hole.
Since Knox is a component of Ambari then it makes sense to set the Quickreferences as a proxified links.
This could work as follows:
+ If Knox is installed, the current topology may be picked and the proxified links could be derived from the Knox gateway configuration.
The URL variable can then be set to the proxy URLs.
+ If Knox is not installed then we use the default non proxy URL variables.
In the example of Oozie, if you put the Oozie Knox through a proxy and put the proxified link that would be accessed through Knox securely and outsiders to the cluster would not gain information about the inside of the cluster.
Also We need to think about customers who may want to set a firewall, how would customer access User Interfaces services in a cluster managed by Ambari
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)