Posted to issues@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2018/09/17 15:48:00 UTC

[jira] [Created] (STORM-3227) Improve security of credentials push

Robert Joseph Evans created STORM-3227:
------------------------------------------

             Summary: Improve security of credentials push
                 Key: STORM-3227
                 URL: https://issues.apache.org/jira/browse/STORM-3227
             Project: Apache Storm
          Issue Type: Improvement
          Components: storm-client, storm-server
            Reporter: Robert Joseph Evans
            Assignee: Robert Joseph Evans


When pushing credentials to a topology, most of the checks we do right now are to verify that the topology is allowing a given user to do the push, but we also need to protect the user from pushing to the wrong topology.

This is really only an issue if a user has the push set up on some kind of a cron-like job, and the topology is down (which should be rare), but to eliminate any race conditions we should have nimbus either verify that the topology is owned by the same user as the one doing the push, or have an optional user that the client expects the topology to be owned by.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
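
The check proposed in the issue above, as an added toy model that is not Apache Storm code and not part of the original message. It combines both proposed options (owner must equal the pusher unless the client names an expected owner); every class, method and user name is hypothetical.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Toy model of the proposed server-side check. Not Apache Storm code:
// every class, method and user name here is hypothetical.
public class CredentialPushCheck {
    // Topology name -> owning user, as the server knows it (constructed data).
    private final Map<String, String> ownerByName = new ConcurrentHashMap<>();

    void submit(String name, String owner) { ownerByName.put(name, owner); }
    void kill(String name) { ownerByName.remove(name); }

    // expectedOwner is the optional user the client expects to own the topology;
    // when it is absent, the pushing user must be the owner.
    String push(String name, String pusher, Optional<String> expectedOwner) {
        String owner = ownerByName.get(name);
        if (owner == null) {
            return "REJECT: topology " + name + " is not running";
        }
        String required = expectedOwner.orElse(pusher);
        if (!owner.equals(required)) {
            // Never deliver: the name resolved to a topology with a different owner.
            return "REJECT: " + name + " is not owned by " + required;
        }
        // The existing "may this user push to this topology" check would still run here.
        return "ACCEPT: credentials delivered to " + name + " (owner " + owner + ")";
    }

    public static void main(String[] args) {
        CredentialPushCheck nimbus = new CredentialPushCheck();
        nimbus.submit("wordcount", "alice");
        System.out.println(nimbus.push("wordcount", "alice", Optional.empty()));

        // The topology goes down between scheduled pushes...
        nimbus.kill("wordcount");
        System.out.println(nimbus.push("wordcount", "alice", Optional.empty()));

        // ...and the name is now held by a topology that belongs to another user.
        nimbus.submit("wordcount", "bob");
        System.out.println(nimbus.push("wordcount", "alice", Optional.empty()));

        // A service account pushing on alice's behalf names the owner it expects.
        System.out.println(nimbus.push("wordcount", "svc-cron", Optional.of("alice")));
        nimbus.kill("wordcount");
        nimbus.submit("wordcount", "alice");
        System.out.println(nimbus.push("wordcount", "svc-cron", Optional.of("alice")));
    }
}
```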