You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@storm.apache.org by "Aaron Gresch (JIRA)" <ji...@apache.org> on 2018/10/11 16:15:00 UTC

[jira] [Created] (STORM-3251) Using Logviewer Filter settings causes anyone to access logs via log viewer REST API

Aaron Gresch created STORM-3251:
-----------------------------------

             Summary: Using Logviewer Filter settings causes anyone to access logs via log viewer REST API
                 Key: STORM-3251
                 URL: https://issues.apache.org/jira/browse/STORM-3251
             Project: Apache Storm
          Issue Type: Bug
            Reporter: Aaron Gresch
            Assignee: Aaron Gresch


The rest API for logviewer access is checking if UI filter params is set to deny access to users.  It's possible now to configure the logviewer without UI filter params, so this check is no longer sufficient and can allow anyone access to logs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)