You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "t oo (Jira)" <ji...@apache.org> on 2019/12/26 00:07:00 UTC

[jira] [Created] (AIRFLOW-6349) security - api should deny access by default

t oo created AIRFLOW-6349:
-----------------------------

             Summary: security - api should deny access by default
                 Key: AIRFLOW-6349
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-6349
             Project: Apache Airflow
          Issue Type: Bug
          Components: api
    Affects Versions: 1.10.3
            Reporter: t oo


below should be 'airflow.api.auth.backend.deny_all' by default:
|[api]|
| # How to authenticate users of the API|
|auth_backend = airflow.api.auth.backend.default|

otherwise anyone can trigger dags - this is too loose, as not everyone can login to web ui by default



--
This message was sent by Atlassian Jira
(v8.3.4#803005)