[
https://issues.apache.org/jira/browse/AMBARI-10777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14544468#comment-14544468
]
Luciano Resende commented on AMBARI-10777:
------------------------------------------
These are pretty much the same, with a "security spin" on the current jira.
Once one is fixed, both should be marked fixed.
> Security exposure - Quicklinks to Web UI exposes cluster servers
> ----------------------------------------------------------------
>
> Key: AMBARI-10777
> URL: https://issues.apache.org/jira/browse/AMBARI-10777
> Project: Ambari
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.7.0, 2.0.0, 2.2.0, Ambari-2.1
> Environment: All
> Reporter: Jeffrey E Rodriguez
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Ambari Security exposure -
> "Quick Links" in Ambari allow Ambari users to access servers inside of the user's
> cluster. E.g. click Oozie Web UI, if installed, and you get redirected to the Oozie
> UI server. Worse yet, if SSL is not set up, that is a gaping security hole.
> Since Knox is a component of Ambari then it makes sense to set the
> Quickreferences as proxified links.
> This could work as follows:
> + If Knox is installed, the current topology may be picked and the proxified
> links could be derived from the Knox gateway configuration.
> The URL variable can then be set to the proxy URLs.
> + If Knox is not installed then we use the default non-proxy URL variables.
> In the example of Oozie, if you put the Oozie Knox through a proxy and put
> the proxified link that would be accessed through Knox securely and outsiders
> to the cluster would not gain information about the inside of the cluster.
> Also, we need to think about customers who may want to set a firewall: how
> would a customer access user interface services in a cluster managed by Ambari
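The fallback proposed in the quoted issue, sketched as an added example that is not part of the original message and is not Ambari's or Knox's code: a quick link is rewritten to the Knox gateway when the chosen topology publishes that UI, and otherwise keeps its default URL and is flagged for review. All function names, field names, hosts and the service map are hypothetical and constructed for illustration.

```javascript
// Added illustration; every name here is hypothetical, not Ambari's or Knox's API.
// Knox serves a proxied service at
//   https://{gateway-host}:{gateway-port}/{gateway-path}/{topology}/{service-path}

// Constructed sample gateway settings and the UIs the chosen topology exposes.
const SAMPLE_KNOX = {
  host: 'knox.example.com',
  port: 8443,
  gatewayPath: 'gateway',
  topology: 'default',
  exposed: { OOZIE: 'oozie/' },
};

// Constructed sample quick links carrying the default (direct) URLs.
const SAMPLE_LINKS = [
  { service: 'OOZIE', label: 'Oozie Web UI', url: 'http://oozie01.cluster.internal:11000/oozie/' },
  { service: 'YARN', label: 'ResourceManager UI', url: 'http://rm01.cluster.internal:8088/cluster' },
];

function resolveQuickLink(link, knox) {
  const direct = new URL(link.url); // throws on a malformed default URL
  const exposed = knox && Object.prototype.hasOwnProperty.call(knox.exposed, link.service);
  if (!exposed) {
    // Knox not installed, or the topology does not publish this UI:
    // keep the default non-proxy URL and flag it if it is not TLS.
    return { label: link.label, href: direct.href, proxied: false,
             cleartext: direct.protocol !== 'https:' };
  }
  const href = new URL(
    `/${knox.gatewayPath}/${knox.topology}/${knox.exposed[link.service]}`,
    `https://${knox.host}:${knox.port}`
  ).href;
  return { label: link.label, href, proxied: true, cleartext: false };
}

function resolveAll(links, knox) {
  return links.map((l) => resolveQuickLink(l, knox));
}

// Labels of links that still name a cluster host directly, for review.
function directLinks(resolved) {
  return resolved.filter((r) => !r.proxied).map((r) => r.label);
}
```

`directLinks` gives an administrator the list of quick links that still bypass the gateway, which is the set a firewall in front of the cluster would break.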