How to display a NiFi login window for http web browser
Labels: Apache NiFi
Created 03-05-2017 02:37 PM
Hi All,
Wanted to display the login window for the Apache NiFi HTTP server. Can anyone please let me know the setting to display the login window for HTTP instead of HTTPS?
Created 03-06-2017 09:12 PM
@Joe Petro
NiFi must be secured to run over HTTPS using a server certificate (loaded into a keystore) and a truststore before you can enable some form of user authentication. You can create your own keystore and truststore using the below procedure:
Note: If you are going to be using LDAP or Kerberos for user authentication, you can skip the last part of the above procedure about generating a user SSL certificate to load in your browser.
Thanks,
Matt
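A quick way to check whether a given `nifi.properties` meets the prerequisites described in the answer above (added example, not part of the original post). The property names are NiFi's own; the two sample files, paths and passwords are constructed for illustration.

```bash
# Return the value of one key from a properties file (empty if blank or absent).
prop() {
  awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 }
       END { print v }' "$1" | tr -d '\r'
}

# Report whether the HTTPS prerequisites for user authentication are in place.
check_nifi_login_prereqs() {
  local file="$1" failed=0 key
  if [ -z "$(prop "$file" nifi.web.https.port)" ]; then
    echo "FAIL nifi.web.https.port is blank: UI is plain HTTP, no login is offered"
    failed=1
  fi
  if [ -n "$(prop "$file" nifi.web.http.port)" ]; then
    echo "FAIL nifi.web.http.port is set: clear it when enabling HTTPS"
    failed=1
  fi
  for key in nifi.security.keystore nifi.security.keystorePasswd \
             nifi.security.truststore nifi.security.truststorePasswd; do
    [ -n "$(prop "$file" "$key")" ] || { echo "FAIL $key is blank"; failed=1; }
  done
  if [ -z "$(prop "$file" nifi.security.user.login.identity.provider)" ]; then
    echo "INFO no login identity provider: users authenticate with client certificates"
  fi
  return "$failed"
}

# Constructed sample configs: a default HTTP install and a secured one.
SAMPLES="$(mktemp -d)"
cat > "$SAMPLES/http.properties" <<'EOF'
nifi.web.http.port=8080
nifi.web.https.port=
nifi.security.keystore=
nifi.security.keystorePasswd=
nifi.security.truststore=
nifi.security.truststorePasswd=
nifi.security.user.login.identity.provider=
EOF
cat > "$SAMPLES/https.properties" <<'EOF'
nifi.web.http.port=
nifi.web.https.port=9443
nifi.security.keystore=./conf/keystore.jks
nifi.security.keystorePasswd=CHANGE_ME
nifi.security.truststore=./conf/truststore.jks
nifi.security.truststorePasswd=CHANGE_ME
nifi.security.user.login.identity.provider=ldap-provider
EOF
check_nifi_login_prereqs "$SAMPLES/http.properties" || true
check_nifi_login_prereqs "$SAMPLES/https.properties" || true
```

The function returns non-zero when any prerequisite is missing, so it can gate a deployment step.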
Created 03-06-2017 09:10 PM
The same question was already answered twice:
To clarify, you cannot log in over "http", only via "https". It would not be secure to send your LDAP credentials from the browser to the NiFi server over unencrypted http.
Created 03-08-2017 07:50 PM
Thanks, I don't understand why NiFi wouldn't have a default login page for an admin user. It seems strange that no user login is required on http and can only be done via https. Every other HDP component has at least a basic UI login.
Created 03-08-2017 11:17 PM
A default login page for an admin user served over HTTP provides the illusion of security -- security theater -- but does absolutely nothing to improve the security of the system while adding obstacles to ease of use.
Created 11-23-2018 04:37 PM
That is true, but sometimes such an option can be good for a little access control and avoiding not seriously harmful but unwanted activities on the server.
Created 11-27-2018 06:54 PM
We fundamentally disagree on the utility and value of that feature. Providing a login page which does not secure the transmission of sensitive credentials against trivial intercept and can be bypassed easily does not provide sufficient value and leads to a number of problems:
- Users will assume it is secure and not change it from the default/configure stronger login options such as LDAP/Kerberos/client certificate authentication. We make a conscious effort not to offer weak security options as defaults because many users are unaware and will not change them.
- Users will not be aware that the credentials can be intercepted and stolen (these credentials may be reused from other applications and pose a large threat)
- Users will not be aware that the login page can be bypassed (HTTP traffic can be monitored, and any credentials or tokens (NiFi is stateless, so it does not use session identifiers) can be intercepted and reused)
For these reasons, NiFi does not offer an option for authentication or authorization controls over plaintext HTTP. HTTPS must be configured to enable those mechanisms to avoid a false sense of security and prevent user/admin complacency.
Created on 11-28-2018 08:13 PM - edited 08-19-2019 01:37 AM
@Joe P I cannot reply to your comment for some reason, so I'm putting my response here.
I do not set the security policy for Ambari or any other Apache project. Every project evaluates security differently and makes decisions to reach a balance they find acceptable.
I am only one member of the NiFi community as well, but our community has agreed on this policy for NiFi. We invite all community members and users to contribute ideas and engage in discussion on design decisions. You are welcome to request the changes you want, but I will say that the previous discussion around that obviously went in this direction and I don't see any new information in your position than was previously discussed.
Created 11-28-2018 07:55 PM
If that's the case, then why does Ambari have a login page without https? Sometimes it's useful to set up the login first, then add a security layer. It helps with troubleshooting and not having a login for Ambari (for example) would be confusing! So why is this any different?
Created 02-12-2019 11:43 AM
@Joe P did you set up https, i.e. did you enable SSL on the server?
