You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2018/06/05 15:51:00 UTC

[jira] [Updated] (NIFI-5209) Remove toolkit migration without password functionality

     [ https://issues.apache.org/jira/browse/NIFI-5209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy LoPresto updated NIFI-5209:
--------------------------------
    Fix Version/s: 1.7.0
           Status: Patch Available  (was: In Progress)

> Remove toolkit migration without password functionality
> -------------------------------------------------------
>
>                 Key: NIFI-5209
>                 URL: https://issues.apache.org/jira/browse/NIFI-5209
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Tools and Build
>    Affects Versions: 1.7.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: hash, key, passwords, revert, security, toolkit
>             Fix For: 1.7.0
>
>
> In NIFI-4942, new functionality was added to allow Ambari clients to perform the encrypted configuration migration without providing the original password or key by using a secure hash of the original credential to demonstrate knowledge of that value. The Ambari team found another way on their end to perform this action, and rather than allow the {{./secure_hash.key}} behavior to be released and then removed at a later time, complicating our security posture and potentially creating difficult support cases, it is better to remove it completely before the 1.7.0 release. 
> However, it is not as simple as just backing out a few commits, as necessary refactoring of the tool code also occurred at that time. I will remove this feature while maintaining the improvements made to the toolkit. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)