Posted to issues@livy.apache.org by "bharath kumar (Jira)" <ji...@apache.org> on 2022/11/17 03:09:00 UTC

[jira] [Commented] (LIVY-894) Add secure authentication for livy when ldap is configured for authentication

    [ https://issues.apache.org/jira/browse/LIVY-894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17635095#comment-17635095 ] 

bharath kumar commented on LIVY-894:
------------------------------------

[~lmccay] Thanks for looking into this. This might be a security issue if we don't fix it.

 * Livy is now being integrated with many components; if we can have this fix available, I believe we would be in a better position in terms of security.
 * Enterprise solutions might have LDAP authentication with Livy; if credentials are exchanged over the wire without encryption, it's going to be a security incident.

I am moving this to 0.8.0; I hope the above justifications are good enough. Thanks again.

> Add secure authentication for livy when ldap is configured for authentication
> -----------------------------------------------------------------------------
>
>                 Key: LIVY-894
>                 URL: https://issues.apache.org/jira/browse/LIVY-894
>             Project: Livy
>          Issue Type: New Feature
>          Components: API
>    Affects Versions: 0.7.0
>            Reporter: bharath kumar
>            Priority: Critical
>             Fix For: 0.9.0
>
>
> Hello,
> As I understand, Livy authentication with LDAP is not secured. Since authentication is BASIC and TLS is disabled, Livy would be susceptible to man-in-the-middle attacks. Can you please look into this and provide a secure authentication mechanism for Livy with LDAP integration?
> Thanks
> Bharath


