Jeffrey E Rodriguez created AMBARI-10777:
---------------------------------------------
Summary: Security exposure - Quicklinks to Web UI exposes cluster
servers
Key: AMBARI-10777
URL: https://issues.apache.org/jira/browse/AMBARI-10777
Project: Ambari
Issue Type: Improvement
Components: security
Affects Versions: 1.7.0, 2.0.0, 2.2.0, Ambari-2.1
Environment: All
Reporter: Jeffrey E Rodriguez
Ambari Security exposure -
Ambari "Quick Links" allow Ambari users to access servers inside of the user's
cluster. E.g., click Oozie Web UI, if installed, and you get redirected to the
Oozie UI server. Worse yet, if SSL is not set up, that is a gaping security hole.
Since Knox is a component of Ambari, it makes sense to set the
Quickreferences as proxified links.
This could work as follows:
+ If Knox is installed, the current topology may be picked and the proxified
links could be derived from the Knox gateway configuration.
The URL variable can then be set to the proxy URLs.
+ If Knox is not installed, then we use the default non-proxy URL variables.
In the example of Oozie, if you put the Oozie Knox through a proxy and put the
proxified link, that would be accessed through Knox securely, and outsiders to
the cluster would not gain information about the inside of the cluster.
Also, we need to think about customers who may want to set up a firewall: how
would a customer access user interface services in a cluster managed by Ambari?
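The two-branch selection proposed in the issue, written out as an added example (not Ambari or Knox code). `gateway.port` and `gateway.path` are Knox gateway-site properties; the host names, the service-to-path mapping, the `services` key and the function name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumed mapping of service name -> path under the Knox topology.
# Real paths depend on the Knox version and the topology definition.
KNOX_PATHS = {"OOZIE": "oozie/", "YARN": "yarn/"}


@dataclass
class QuickLink:
    url: str
    proxied: bool
    warnings: list = field(default_factory=list)


def resolve_quicklink(service, direct_url, knox=None):
    """Return the Knox-proxied link when Knox fronts the service,
    otherwise the direct link plus what that link gives away."""
    name = service.upper()
    path = KNOX_PATHS.get(name)
    if knox and path and name in knox.get("services", ()):
        base = "https://{}:{}/{}/{}/".format(
            knox["host"],
            knox.get("gateway.port", "8443"),
            knox.get("gateway.path", "gateway").strip("/"),
            knox["topology"],
        )
        return QuickLink(base + path, proxied=True)
    # Fallback branch: Knox absent, or the topology does not expose the service.
    direct = urlsplit(direct_url)
    warnings = ["exposes internal host " + direct.hostname]
    if direct.scheme != "https":
        warnings.append("no TLS")
    return QuickLink(direct_url, False, warnings)


# Constructed sample values, not taken from any real cluster.
KNOX = {
    "host": "knox.example.com",
    "gateway.port": "8443",
    "gateway.path": "gateway",
    "topology": "default",
    "services": {"OOZIE"},
}
OOZIE_DIRECT = "http://oozie01.cluster.internal:11000/oozie"

if __name__ == "__main__":
    print(resolve_quicklink("OOZIE", OOZIE_DIRECT, KNOX))
    print(resolve_quicklink("OOZIE", OOZIE_DIRECT))
```

The warnings on the fallback branch are the two exposures the issue names: the internal server name in the link and the missing SSL.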