You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@storm.apache.org by "Aaron Gresch (JIRA)" <ji...@apache.org> on 2018/10/11 16:15:00 UTC
[jira] [Created] (STORM-3251) Using Logviewer Filter settings
causes anyone to access logs via log viewer REST API
Aaron Gresch created STORM-3251:
-----------------------------------
Summary: Using Logviewer Filter settings causes anyone to access logs via log viewer REST API
Key: STORM-3251
URL: https://issues.apache.org/jira/browse/STORM-3251
Project: Apache Storm
Issue Type: Bug
Reporter: Aaron Gresch
Assignee: Aaron Gresch
The rest API for logviewer access is checking if UI filter params is set to deny access to users. It's possible now to configure the logviewer without UI filter params, so this check is no longer sufficient and can allow anyone access to logs.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)