About david_miller

david_miller · ‎11-26-2018

NO! if you are trying to escape input to generate a sql query you should never roll your own sanitization unless you fully trust the input. THIS IS VULNERABLE TO SQL INJECTION! You should be using the '?' parameter substitution in your putsql stage.

justenji · ‎02-04-2019

@David Miller Hi David, You are right with being carefull sending to many emails and that there will be situations where monitoring/errorhandling needs to be adjusted individual. But I want a standard process for the majority of always repeated occuring errors. You know, not reinventing the wheel every time again. And if one day my processes are designed further there won't be emails sent just logging everything and give the support some kind of graphical interface (dashboard) - that's the plan.

alim · ‎08-27-2018

@David Miller For reference, the resource descriptors for the different component level access policies can be found in the NiFi Admin Guide, specifically: https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policies

alopresto · ‎06-02-2018

David, I would recommend you create an SSLContextService at root which only uses the truststore and ask your users to select that controller service when necessary. If they have requirements to connect to external services which require mutual authentication via TLS client certificates, you may have to create additional controller services with limited keystore access and provide those on a per-instance/user basis. If these are globally-accessible external services (aka not organizationally-signed), you could also provide a generic controller service which uses the Java CA truststore (something like $JAVA_HOME/jre/lib/security/cacerts with default password "changeit").

MattWho · ‎05-29-2018

@Henrik Olsen We completely understand how load-balanced redistribution of FlowFiles via a RPG is not the most elegant solution. There was consideration of separating input/output ports in to two different components (local and remote). In addition to the complexity with this, we also have to consider the backward compatibility. What impact with this have on NiFi users upgrading with flows developed with previous versions of NiFi. - Another option being looked at is adding the ability to enable load-balancing within the cluster directly on any connection. This would just be a new configuration option on existing connections with the default just behaving as connections do now. By enabling the load-balancing option, FlowFiles would be load-balanced across all connected nodes behind the scenes automatically. There are still technical hurdle here and no time table for this effort as of now. - Thank you, Matt

david_miller · ‎03-12-2018

@MattClarke answered this question in https://community.hortonworks.com/questions/176292/how-to-configure-managed-ranger-authorizer-for-nif.html

david_miller · ‎11-27-2017

I will accept the answer because it seems this might be an issue on my side. Thank you I will open up a ticket with hortonworks support if further troubleshooting is needed after I take a look at the logs. thanks again.

david_miller · ‎09-19-2017

Thanks Matt, the pre-provisioned input port idea does seem workable.

Online	Offline
Last Visited	‎03-22-2019 01:45 PM

Member Since	‎01-09-2017 08:12 PM
Last Visited	‎03-22-2019 01:45 PM
Posts	33

Cloudera Community

Re: how to generate sequence number in nifi cluste...

Re: What is the provenance access resource identif...

Re: Is there documentation for the NiFi ManagedRan...

Re: Replace single quote with two single quotes in...

Re: Thoughts on NiFi error handling

Re: What is the provenance access resource identif...

Re: How should I use the SSLContext controller in ...

Re: NiFi's ListSFTP no longer requires an RPG?

Re: Is there documentation for the NiFi ManagedRan...

Re: How do I programmatically query atlas to retur...

Re: Nifi: What are some best practices to support ...