Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

When using the InvokeHTTP processor it uses basic authentication but why is the password still shown in clear text?

Labels:
avatar
bbukacek author-rank
Cloudera Employee

Created ‎10-08-2015 03:54 PM

 
1,900 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jpercivall
Guru

Created ‎10-08-2015 07:07 PM

I made another Jira ticket[1] to knock it out real quick. The digest auth ticket will take a bit longer since java's HttpUrlConnection digest Authentication is wacky.

Edit: Patch has been accepted and merged.

[1] https://issues.apache.org/jira/browse/NIFI-1030

View solution in original post

1,683 Views
0 Kudos
5 REPLIES 5

avatar
author-rank andrewg author-rank
Guru

Created ‎10-08-2015 07:00 PM

I think it's an omission. It was mentioned already before here in a context of digest authentication support https://issues.apache.org/jira/browse/NIFI-980?focusedCommentId=14940725&page=com.atlassian.jira.plu...

Perhaps it makes sense to create a top-level jira for marking the property sensitive or convert to a subtask?

1,683 Views
0 Kudos

avatar
author-rank jpercivall
Guru

Created ‎10-08-2015 07:07 PM

I made another Jira ticket[1] to knock it out real quick. The digest auth ticket will take a bit longer since java's HttpUrlConnection digest Authentication is wacky.

Edit: Patch has been accepted and merged.

[1] https://issues.apache.org/jira/browse/NIFI-1030

1,684 Views
0 Kudos

avatar
author-rank skumpf author-rank
Rising Star

Created ‎10-08-2015 07:10 PM

Can you elaborate? Do you see the actual password in the header or the Base64 encoded string? Basic Auth provides no security with regard to user/password. Base64 encoding is used to handle special characters that could invalidate the entire header.

1,683 Views
0 Kudos

avatar
author-rank andrewg author-rank
Guru

Created ‎10-08-2015 07:19 PM

It was a field in the UI which wasn't flagged as sensitive (NiFi automatically encrypts such fields).

1,683 Views
0 Kudos

avatar
author-rank jpercivall
Guru

Created ‎10-08-2015 08:20 PM

To elaborate a bit more, there is an InvokeHttp processor that is able to utilize basic authentication. In order to connect, the processor has a property called "Basic Authentication Password". The user of the UI has to input this when configuring the processor. Since it is a password it is considered a sensitive property and once set it won't be able to be seen in the UI and it is encrypted when in use. Also when exporting in a template the sensitive properties are not transferred.

1,683 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements