You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2018/06/15 04:57:00 UTC
[jira] [Reopened] (NIFI-5209) Remove toolkit migration without
password functionality
[ https://issues.apache.org/jira/browse/NIFI-5209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy LoPresto reopened NIFI-5209:
---------------------------------
There are some test resources that need to be deleted and the pom.xml RAT section removed.
> Remove toolkit migration without password functionality
> -------------------------------------------------------
>
> Key: NIFI-5209
> URL: https://issues.apache.org/jira/browse/NIFI-5209
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.7.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Blocker
> Labels: hash, key, passwords, revert, security, toolkit
> Fix For: 1.7.0
>
>
> In NIFI-4942, new functionality was added to allow Ambari clients to perform the encrypted configuration migration without providing the original password or key by using a secure hash of the original credential to demonstrate knowledge of that value. The Ambari team found another way on their end to perform this action, and rather than allow the {{./secure_hash.key}} behavior to be released and then removed at a later time, complicating our security posture and potentially creating difficult support cases, it is better to remove it completely before the 1.7.0 release.
> However, it is not as simple as just backing out a few commits, as necessary refactoring of the tool code also occurred at that time. I will remove this feature while maintaining the improvements made to the toolkit.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)