You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2020/09/21 08:28:46 UTC
[GitHub] [incubator-dolphinscheduler] ly3too opened a new issue #3779: [Feature][Module Name] csrf protection
ly3too opened a new issue #3779:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/3779
*For better global communication, please give priority to using English description, thx! *
*Please review https://dolphinscheduler.apache.org/en-us/docs/development/issue.html when describe an issue.*
**Describe the feature**
csrf protection needed to protect sesitive requests !!!
**Is your feature request related to a problem? Please describe.**
ds has no csrf protection. a simple csrf attach can cause serious problem, e.g. deleting of user account.
**Describe the solution you'd like**
spring-security is a simple solution.
**Describe alternatives you've considered**
no
**Additional context**
no
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] CalvinKirs closed issue #3779: [Feature][Module Name] csrf protection
Posted by GitBox <gi...@apache.org>.
CalvinKirs closed issue #3779:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/3779
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] CalvinKirs commented on issue #3779: [Feature][Module Name] csrf protection
Posted by GitBox <gi...@apache.org>.
CalvinKirs commented on issue #3779:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/3779#issuecomment-732661943
In the intranet environment, permission design does not need to be overly complicated
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] CalvinKirs commented on issue #3779: [Feature][Module Name] csrf protection
Posted by GitBox <gi...@apache.org>.
CalvinKirs commented on issue #3779:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/3779#issuecomment-733399016
I will close it, if you have a better idea, you can reopen it
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-dolphinscheduler] CalvinKirs commented on issue #3779: [Feature][Module Name] csrf protection
Posted by GitBox <gi...@apache.org>.
CalvinKirs commented on issue #3779:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/3779#issuecomment-732661579
In my opinion, we don’t seem to need such a complicated design (spring-security)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org