You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2018/10/15 10:06:58 UTC
[GitHub] ivankelly commented on issue #2749: Admin API via PulsarProxy with
authentication fails
ivankelly commented on issue #2749: Admin API via PulsarProxy with authentication fails
URL: https://github.com/apache/pulsar/issues/2749#issuecomment-429785910
> Skip validateOriginalPrincipal if proxyRoles is empty.
This could open up a security hole, as if the proxyRoles is empty, any client could then pass any value as the validateOriginalPrincipal, a therefore escalate their privileges.
> If originalPrincipal is null, treat a role as a "normal" client even when it is in proxyRoles.
The point of proxyRoles is to limit which roles can pretend to be other roles. Allowing proxyRoles to be ignored defeats this purpose.
The proxyRoles should be dedicated roles that are used for nothing but the proxy. I would consider anything else a bad configuration. Maybe we could improve the logging to make it clearer to the administrator that proxyRoles needs to be configured.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services