Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

When using the InvokeHTTP processor it uses basic authentication but why is the password still shown in clear text?

Labels:
avatar
bbukacek author-rank
Cloudera Employee

Created ‎10-08-2015 03:54 PM

 
2,461 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jpercivall
Guru

Created ‎10-08-2015 07:07 PM

I made another Jira ticket[1] to knock it out real quick. The digest auth ticket will take a bit longer since java's HttpUrlConnection digest Authentication is wacky.

Edit: Patch has been accepted and merged.

[1] https://issues.apache.org/jira/browse/NIFI-1030

View solution in original post

2,244 Views
0 Kudos
5 REPLIES 5

avatar
author-rank andrewg author-rank
Guru

Created ‎10-08-2015 07:00 PM

I think it's an omission. It was mentioned already before here in a context of digest authentication support https://issues.apache.org/jira/browse/NIFI-980?focusedCommentId=14940725&page=com.atlassian.jira.plu...

Perhaps it makes sense to create a top-level jira for marking the property sensitive or convert to a subtask?

2,244 Views
0 Kudos

avatar
author-rank jpercivall
Guru

Created ‎10-08-2015 07:07 PM

I made another Jira ticket[1] to knock it out real quick. The digest auth ticket will take a bit longer since java's HttpUrlConnection digest Authentication is wacky.

Edit: Patch has been accepted and merged.

[1] https://issues.apache.org/jira/browse/NIFI-1030

2,245 Views
0 Kudos

avatar
author-rank skumpf author-rank
Rising Star

Created ‎10-08-2015 07:10 PM

Can you elaborate? Do you see the actual password in the header or the Base64 encoded string? Basic Auth provides no security with regard to user/password. Base64 encoding is used to handle special characters that could invalidate the entire header.

2,244 Views
0 Kudos

avatar
author-rank andrewg author-rank
Guru

Created ‎10-08-2015 07:19 PM

It was a field in the UI which wasn't flagged as sensitive (NiFi automatically encrypts such fields).

2,244 Views
0 Kudos

avatar
author-rank jpercivall
Guru

Created ‎10-08-2015 08:20 PM

To elaborate a bit more, there is an InvokeHttp processor that is able to utilize basic authentication. In order to connect, the processor has a property called "Basic Authentication Password". The user of the UI has to input this when configuring the processor. Since it is a password it is considered a sensitive property and once set it won't be able to be seen in the UI and it is encrypted when in use. Also when exporting in a template the sensitive properties are not transferred.

2,244 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements