Hi all,

I agree with Weijie Wu's suggestion. We can remove the authentication and declare in the project description that it is not recommended to deploy in the public network, and no longer accept any security issues caused by the deprecated deployment.

On Sat, Feb 12, 2022 at 15:00, zhangli...@apache.org <zhangli...@apache.org> wrote:
>
> Yes, it is better to remove authentication.
> Because it is the LAN web-console, can we declare that we do not accept any
> security issues in the ElasticJob-UI?
>
> ------------------
>
> Sincerely,
> Liang Zhang (John)
> Apache ShardingSphere
>
>
> On Fri, Feb 11, 2022 at 18:12, 吴伟杰 <wuwei...@apache.org> wrote:
>
> > Hi Liang
> >
> > I have an idea. ShardingSphere ElasticJob-UI aims to provide a
> > convenient way to manage jobs. The current authentication and
> > authority is too simple to satisfy the security requirements. And
> > some users may have requirements such as LDAP.
> > Could we consider removing the authentications and roles? Let users do
> > the security stuff on their own.
> >
> > -----------------------------------------------
> >
> > Weijie Wu 吴伟杰
> > Apache ShardingSphere Committer
> > GitHub@TeslaCN
> >
> > On Thu, Feb 3, 2022 at 11:35, zhangli...@apache.org <zhangli...@apache.org> wrote:
> > >
> > > Hi team,
> > >
> > > We received several security issue reports in ShardingSphere
> > > ElasticJob-UI.
> > >
> > > As you know, the ShardingSphere ElasticJob-UI is for LAN only. We may not
> > > need to care about the security issue here.
> > > The UI is an optional tool, all ShardingSphere committers have a
> > > backend background, they are not familiar with frontend.
> > >
> > > Some security teams only care about CVE as their result, but do not care
> > > about the real usage. It really troubles us.
> > >
> > > The team wants to spend time on more meaningful things, so I want to
> > > discuss the necessity of ShardingSphere ElasticJob-UI. It looks like we'd
> > > better remove it from ShardingSphere ElasticJob.
> > >
> > > What do you think?
> > >
> > > ------------------
> > >
> > > Sincerely,
> > > Liang Zhang (John)
> > > Apache ShardingSphere