You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Giorgio Zoppi (Jira)" <ji...@apache.org> on 2020/03/01 20:04:00 UTC

[jira] [Commented] (AIRFLOW-4176) [security] webui shows password - admin/log/?flt1_extra_contains=conn_password

    [ https://issues.apache.org/jira/browse/AIRFLOW-4176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17048664#comment-17048664 ] 

Giorgio Zoppi commented on AIRFLOW-4176:
----------------------------------------

I get into this.

 

> [security] webui shows password - admin/log/?flt1_extra_contains=conn_password
> ------------------------------------------------------------------------------
>
>                 Key: AIRFLOW-4176
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4176
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security, ui
>    Affects Versions: 1.10.2
>            Reporter: t oo
>            Assignee: Giorgio Zoppi
>            Priority: Blocker
>             Fix For: 2.0.0
>
>         Attachments: airf.png
>
>
> First setup hivecli connection:
> {noformat}
> source /home/ec2-user/venv/bin/activate; airflow connections -a \ 
>   --conn_id query_hive --conn_type hive_cli --conn_host domainhere \
>   --conn_port 10000 --conn_schema default \
>   --conn_extra "{\"use_beeline\":\"true\", \"ssl-options\":\"ssl=true;sslTrustStore=path-${RUNTIME_ENV}.jks;trustStorePassword=${QUERY_JKS_PASW}\"}" \
>   --conn_login ${QUERY_HIVE_USER} --conn_password ${QUERY_HIVE_PASW}
> {noformat}
>  
> On the webui navigate to domain/admin/log/?flt1_extra_contains=conn_password
> and you will be able to see cleartext user and password!
> see attachment



--
This message was sent by Atlassian Jira
(v8.3.4#803005)