Member since
01-10-2017
4
Posts
1
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
4341 | 02-14-2017 09:48 AM |
03-07-2017
12:56 AM
1 Kudo
While there are no official NiFi tasks (processor, controller services, reporting tasks, etc.) users can integrate NiFi and Atlas for data lineage using processors that come out of the box with NiFi. UpdateAttribute, ReplaceTExt, InokeHTTP, EvaluateJsonPath can be stitched together to invoke the Atlas API to populate lineage information. Wrapping this up in a template/progress group, one can productionise the flow. That said, Vadim's solution is a much more elegant implementation that can be extended. I'm sure this will be the approach taken by the NiFi development team in their implementation of the NiFi-Atlas bridge.
... View more
02-14-2017
09:48 AM
Hi @John T, Sorry for the delay.. 70-80% attacks occur internally is pretty much the consensus by every security report out there. Allowing specific access to users is more an authorization/authentication thing than a TLS thing. Anyway.. i digress. Possible workaround for this issue may require you to investigate removing that hard requirement of TLS in the Jetty Server. I say this may be a possible fix, as I haven't tried it, nor do i recommend downgrading security under any circumstance. Unfortunately, sometimes my recommendations fall on deaf ears. Code associated with the restriction can been found here: https://github.com/eclipse/jetty.project/blob/0c8273f2ca1f9bf2064cd9c4c939d2546443f759/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java Again, I would strongly recommend you not go down this path. All modern day operating systems support TLSv1.2 and if the OS you are using doesn't, get them to fix it. It's negligent and they've had almost 9 years to fix it.
... View more
02-12-2017
11:16 AM
Not sure why anyone would want to enable such a extremely old protocol with very weak ciphers. TLSv1.0 was defined in Jan, 1999, with updates v1.1 in Apr, 2006 and v1.2 in Aug, 2008. TLSv1.3 is currently (2016) in draft. Every modern day operating system supports TLSv1.2.. even the NIST have strong recommendations that financial services companies do not use anything less than TLSv1.2. That said.. NiFi itself is not the problem. There is a hard requirement in the Jetty Web Server which states that only strong cipher/protocols be used. By hard requirement, I mean hard coded into the source code. Is there a reason why you would expose your organisation .. or your customers to security risks? I would strongly discourage anyone with exposing such risks.
... View more