Posted to commits@nifi.apache.org by "Matt Gilman (JIRA)" <ji...@apache.org> on 2015/05/01 14:25:06 UTC

[jira] [Commented] (NIFI-149) create secure configuration guide for the web page

    [ https://issues.apache.org/jira/browse/NIFI-149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14523134#comment-14523134 ] 

Matt Gilman commented on NIFI-149:
----------------------------------

+1 Looks good. Though I would make a couple small changes...

- Admin users can also purge history (where that is explained, that sentence is missing a period).
- I wouldn't advertise the fact that the application can run on both http and https connectors simultaneously. This only works in standalone mode. It is not possible to run on both connectors when clustered. Due to this inconsistency, it would probably be better to guard against this rather than provide partial support, IMO. It would also significantly simplify the introduction of WANT client auth, as we would only need to manage one anonymous user (not one for anonymous http access, which is given full permissions, and one for anonymous https access, which will be limited according to the configuration).

> create secure configuration guide for the web page
> --------------------------------------------------
>
>                 Key: NIFI-149
>                 URL: https://issues.apache.org/jira/browse/NIFI-149
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Documentation & Website
>            Reporter: Tony Kurc
>            Assignee: Mark Payne
>              Labels: security, web-site
>             Fix For: 0.1.0
>
>         Attachments: 0001-NIFI-149-Added-information-to-Administration-Guide-f.patch
>
>
> Create a guide for locking down the application for production use. Ideally this would include how to create 'accounts', how to assign those accounts 'roles', and how to configure the application to disallow use from users who don't have accounts or roles.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)