I agree with the overall idea, although I would think it requires a major release to make this kind of change to the default behavior.
Also, we have always avoided NiFi being a store of usernames and passwords, so we don't have a login provider that uses a local file or a database, we've always said you connect to LDAP/AD for that. Obviously it can be implemented, but just pointing out that we'd have to change our stance here if we want to provide a default username and password to authenticate with. On Tue, Feb 9, 2021 at 11:25 PM Andrew Grande <[email protected]> wrote: > > Mysql has been generating an admin password on default installs for, like, > forever. This workflow should be familiar for many users. > > I'd suggest taking the automation tooling into account and how a production > rollout (user-provided password) would fit into the workflow. > > Andrew > > On Tue, Feb 9, 2021, 8:15 PM Tony Kurc <[email protected]> wrote: > > > Joe, > > In addition to your suggestions, were you thinking of making this processor > > disabled by default as well? > > > > Tony > > > > > > On Tue, Feb 9, 2021, 11:04 PM Joe Witt <[email protected]> wrote: > > > > > Team > > > > > > While secure by default may not be practical perhaps ‘not blatantly wide > > > open’ by default should be adopted. > > > > > > I think we should consider killing support for http entirely and support > > > only https. We should consider auto generating a user and password and > > > possibly server cert if nothing is configured and log the generated user > > > and password. Sure it could still be configured to be non secure but > > that > > > would truly be an admins fault. Now its just ‘on’ > > > > > > This tweet is a great example of why > > > > > > https://twitter.com/_escctrl_/status/1359280656174510081?s=21 > > > > > > > > > Who agrees? Who disagrees? Please share ideas. > > > > > > Thanks > > > > >
