Yes, it is better to remove authentication. Because it is the LAN web-console, can we declare that we do not accept any security issues in the ElasticJob-UI?
------------------

Sincerely,
Liang Zhang (John)
Apache ShardingSphere

吴伟杰 <wuwei...@apache.org> wrote on Fri, Feb 11, 2022 at 18:12:

> Hi Liang
>
> I have an idea. ShardingSphere ElasticJob-UI aims to provide a
> convenient way to manage jobs. The current authentication and
> authority are too simple to satisfy the security requirements. And
> some users may have requirements such as LDAP.
> Could we consider removing the authentications and roles? Let users do
> the security stuff on their own.
>
> -----------------------------------------------
>
> Weijie Wu 吴伟杰
> Apache ShardingSphere Committer
> GitHub@TeslaCN
>
> zhangli...@apache.org <zhangli...@apache.org> wrote on Thu, Feb 3, 2022 at 11:35:
> >
> > Hi team,
> >
> > We received several security issue reports in ShardingSphere
> > ElasticJob-UI.
> >
> > As you know, the ShardingSphere ElasticJob-UI is for LAN only. We may not
> > need to care about the security issue here.
> > The UI is an optional tool, all ShardingSphere committers
> > have a backend background, they are not familiar with frontend.
> >
> > Some security teams only care about CVE as their result, but do not care
> > about the real usage. It really troubles us.
> >
> > The team wants to spend time on more meaningful things, so I want to
> > discuss the necessity of ShardingSphere ElasticJob-UI. It looks like we'd
> > better remove it from ShardingSphere ElasticJob.
> >
> > What do you think?
> >
> > ------------------
> >
> > Sincerely,
> > Liang Zhang (John)
> > Apache ShardingSphere