[ 
https://issues.apache.org/jira/browse/AIRFLOW-6349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

t oo updated AIRFLOW-6349:
--------------------------
    Description: 
below should be 'airflow.api.auth.backend.deny_all' by default:
|[api]|
| # How to authenticate users of the API|
|auth_backend = airflow.api.auth.backend.default|

otherwise anyone can trigger DAGs - this is too loose, as not everyone can 
log in to the web UI by default

cookie_secure should also be True by default

  was:
below should be 'airflow.api.auth.backend.deny_all' by default:
|[api]|
| # How to authenticate users of the API|
|auth_backend = airflow.api.auth.backend.default|

otherwise anyone can trigger DAGs - this is too loose, as not everyone can 
log in to the web UI by default


> security - api should deny access by default
> --------------------------------------------
>
>                 Key: AIRFLOW-6349
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-6349
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: api
>    Affects Versions: 1.10.3
>            Reporter: t oo
>            Priority: Major
>
> below should be 'airflow.api.auth.backend.deny_all' by default:
> |[api]|
> | # How to authenticate users of the API|
> |auth_backend = airflow.api.auth.backend.default|
> otherwise anyone can trigger DAGs - this is too loose, as not everyone can 
> log in to the web UI by default
> cookie_secure should also be True by default



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
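
A configuration check for the two settings raised in this issue, as an added example that is not part of the original report or of Airflow's own code. It assumes cookie_secure lives in the [webserver] section, that a missing key falls back to the permissive defaults the report describes, and that AIRFLOW__SECTION__KEY environment variables override the file; the function names and sample fragments are constructed for illustration.

```python
import configparser

# Constructed sample airflow.cfg fragments (not taken from a real deployment).
PERMISSIVE_CFG = """
[api]
# How to authenticate users of the API
auth_backend = airflow.api.auth.backend.default

[webserver]
cookie_secure = False
"""

HARDENED_CFG = """
[api]
auth_backend = airflow.api.auth.backend.deny_all

[webserver]
cookie_secure = True
"""

OPEN_BACKEND = "airflow.api.auth.backend.default"


def effective(cfg, env, section, key, default):
    """Simplified lookup order: environment override, then file, then default."""
    env_name = "AIRFLOW__%s__%s" % (section.upper(), key.upper())
    if env_name in env:
        return env[env_name]
    return cfg.get(section, key, fallback=default)


def audit(cfg_text, env=None):
    """Return a list of findings for the two settings raised in the issue."""
    env = env or {}
    # interpolation=None: airflow.cfg values may contain literal % characters.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    findings = []
    # Assumption: a missing key means the open backend described in the report.
    backend = effective(cfg, env, "api", "auth_backend", OPEN_BACKEND)
    if backend.strip() == OPEN_BACKEND:
        findings.append("api.auth_backend is the open default backend")
    secure = effective(cfg, env, "webserver", "cookie_secure", "False")
    if secure.strip().lower() not in ("true", "t", "1"):
        findings.append("webserver.cookie_secure is not enabled")
    return findings


if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit(text))
```

Pass the process environment (for example dict(os.environ)) as env when auditing a live deployment, since an override there can silently reopen or close the API regardless of what the file says.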
