t oo created AIRFLOW-6349:
-----------------------------
Summary: security - api should deny access by default
Key: AIRFLOW-6349
URL: https://issues.apache.org/jira/browse/AIRFLOW-6349
Project: Apache Airflow
Issue Type: Bug
Components: api
Affects Versions: 1.10.3
Reporter: t oo
below should be 'airflow.api.auth.backend.deny_all' by default:
|[api]|
| # How to authenticate users of the API|
|auth_backend = airflow.api.auth.backend.default|
otherwise anyone can trigger dags - this is too loose, as not everyone can
login to web ui by default
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
