You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kylin.apache.org by "Hanhui LI (JIRA)" <ji...@apache.org> on 2016/05/09 02:55:12 UTC

[jira] [Created] (KYLIN-1664) rest api '/kylin/api/admin/config' without security check

Hanhui LI created KYLIN-1664:
--------------------------------

             Summary: rest api '/kylin/api/admin/config' without security check
                 Key: KYLIN-1664
                 URL: https://issues.apache.org/jira/browse/KYLIN-1664
             Project: Kylin
          Issue Type: Bug
          Components: REST Service
    Affects Versions: v1.5.1
         Environment: Ubuntu 14.4
Jdk 1.7.0
Kylin 1.5.1 binary
            Reporter: Hanhui LI
            Assignee: Zhong,Jason


rest api '/kylin/api/admin/config' without security check.
Please check the follwoing:
===========================================
GET Request: 
http://127.0.0.1:7070/kylin/api/admin/config

Response:
{"config":"kylin.hbase.region.cut.large=50\nkylin.hbase.default.compression.codec=snappy\ndeploy.env=QA\nacl.adminRole=ROLE_ADMIN\nkylin.sandbox=true\nkylin.hdfs.working.dir=/kylin\nldap.user.searchBase=\nkylin.job.concurrent.max.limit=10\nkylin.job.remote.cli.password=\nsaml.metadata.file=classpath:sso_metadata.xml\nkylin.job.yarn.app.rest.check.interval.seconds=10\nmail.sender=\nmail.password=\nkylin.job.remote.cli.username=\nmail.username=\nsaml.context.serverPort=443\nkylin.web.help.length=4\nkylin.job.run.as.remote.cmd=false\nldap.service.searchPattern=\nkylin.web.contact_mail=\nldap.user.groupSearchBase=\nkylin.hbase.region.cut.small=5\nkylin.web.hive.limit=20\nkylin.job.mapreduce.default.reduce.input.mb=500\nkylin.job.hive.database.for.intermediatetable=default\nkylin.metadata.url=kylin_metadata@hbase\nldap.password=\nldap.username=\nkylin.storage.url=hbase\nganglia.port=8664\nldap.user.searchPattern=\nkylin.job.status.with.kerberos=false\nganglia.group=\nkylin.hbase.cluster.fs=\nacl.defaultRole=ROLE_ANALYST,ROLE_MODELER\nsaml.context.contextPath=/kylin\nmail.host=\nkylin.job.remote.cli.working.dir=/tmp/kylin\nkylin.web.diagnostic=\nsaml.context.scheme=https\nkylin.job.cubing.inmem.sampling.percent=100\nldap.service.groupSearchBase=\nsaml.metadata.entityBaseURL=https://hostname/kylin\nkylin.hbase.hfile.size.gb=5\nldap.service.searchBase=\nkylin.owner=whoami@kylin.apache.org\nmail.enabled=false\nkylin.rest.servers=localhost:7070\nkylin.security.profile=testing\nkylin.job.retry=0\nsaml.context.serverName=hostname\nldap.server=ldap://ldap_server:389\nkylin.job.remote.cli.hostname=\nkylin.query.security.enabled=true\nkylin.server.mode=all\nkylin.web.help.3=onboard|Cube Design Tutorial|\nkylin.web.help.2=tableau|Tableau Guide|\nkylin.web.help.1=odbc|ODBC Driver|\nkylin.hbase.region.cut.medium=10\nkylin.web.help.0=start|Getting Started|\nkylin.web.hadoop=\nkylin.web.streaming.guide=http://kylin.apache.org/\n"}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)