You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Szabolcs Beki (Jira)" <ji...@apache.org> on 2020/03/20 08:50:00 UTC

[jira] [Comment Edited] (AMBARI-25470) Strengthen Login Security

    [ https://issues.apache.org/jira/browse/AMBARI-25470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17063190#comment-17063190 ] 

Szabolcs Beki edited comment on AMBARI-25470 at 3/20/20, 8:49 AM:
------------------------------------------------------------------

There is a possibility to encrypt basic auth traffic, so normally it is not security risk.

The scope is reduced to GET-> POST.


was (Author: szabolcs.beki):
There is a possibility to encrypt basic auth traffic, so normally it is not security risk.

 

This feature is not much needed.   

> Strengthen Login Security
> -------------------------
>
>                 Key: AMBARI-25470
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25470
>             Project: Ambari
>          Issue Type: Epic
>          Components: ambari-server, ambari-web
>            Reporter: Szabolcs Beki
>            Priority: Major
>              Labels: security
>
> Ambari UI uses basic authentication mechanism. The goal of this epic to investigate more secure alternatives and implement one of it. Additionally, Ambari UI login currently uses GET method as it request type. This has to be changed to post.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)