[jira] [Commented] (FLINK-21108) Flink runtime rest server and history server webmonitor do not require authentication.

Chesnay Schepler (Jira) Wed, 27 Jan 2021 01:46:09 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-21108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17272717#comment-17272717
 ]


Chesnay Schepler commented on FLINK-21108:
------------------------------------------

I'm quite wary of implementing authentication on the server-side ourselves. 
Historically, when it comes to security nothing is ever simple and pit falls 
are numerous.

I'd be fine with making the client-side changes.



> Flink runtime rest server and history server webmonitor do not require 
> authentication.
> --------------------------------------------------------------------------------------
>
>                 Key: FLINK-21108
>                 URL: https://issues.apache.org/jira/browse/FLINK-21108
>             Project: Flink
>          Issue Type: New Feature
>          Components: Runtime / REST, Runtime / Web Frontend
>            Reporter: Xiaoguang Sun
>            Priority: Major
>              Labels: pull-request-available
>
> Flink runtime rest server and history server webmonitor do not require 
> authentication. At certain scenarios, prohibiting unauthorized access is 
> desired. Http basic authentication can be used here.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (FLINK-21108) Flink runtime rest server and history server webmonitor do not require authentication.

Reply via email to