You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Liu Zheng (Jira)" <ji...@apache.org> on 2022/11/02 03:17:00 UTC

[jira] [Comment Edited] (NIFI-7786) Bring back Trusted Hostname property from InvokeHTTP processor

    [ https://issues.apache.org/jira/browse/NIFI-7786?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17627440#comment-17627440 ] 

Liu Zheng edited comment on NIFI-7786 at 11/2/22 3:16 AM:
----------------------------------------------------------

To get around hostname is invalid, I had to manually extend a new InvokeHttp from the NAR level.
I definitely know it's an untrusted certificate and doesn't respect subject alternative name matching, like frequent IP address switching, just for testing.
At the same time, this security measure is too strict, especially the subject alternative name.
I can't rectify the whole system key for one tiny feature. This is not realistic.
I have always felt that security risk is an issue that needs to be considered, but please leave the choice to the user, not the tool itself, the two do not conflict.


was (Author: deathknight0718):
To get around hostname is invalid, I had to manually extend a new InvokeHttp from the NAR level.
I definitely know it's an untrusted certificate and doesn't follow subject alternative name matching, but it's just a test of the ip address.
At the same time, the security measures are incredibly strict, especially for the subject alternative name.
I can't rectify the whole system key for one tiny feature. This is not realistic.
I've always felt that security risk is something to consider, but please leave the choice to the user, not the tool itself.

> Bring back Trusted Hostname property from InvokeHTTP processor
> --------------------------------------------------------------
>
>                 Key: NIFI-7786
>                 URL: https://issues.apache.org/jira/browse/NIFI-7786
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.10.0
>            Reporter: Kun Deng
>            Priority: Major
>
> Removing this option is a mistake.  Just google how many people need this option for various reasons. 
> It is an option so that by using it, people are willing to take the risks. 
>  
> Please bring back this option.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)