Github user alopresto commented on the pull request:
https://github.com/apache/nifi/pull/256#issuecomment-220160457
@Edgardo, yes, NiFi provides access control and checks authentication and
authorization (if configured) before allowing a user or entity to access the
processor properties. However, as @adamonduty points out, when a template is
exported, any properties that are not marked as sensitive as exported as
plaintext values. If someone were to share this template, the webhook URL would
be included. Consider the URL similar to a shared password for room access.
It's something that should be protected from unnecessary access within NiFi, as
well as from accidental data leakage via template export.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
