[
https://issues.apache.org/jira/browse/KYLIN-1664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15288483#comment-15288483
]
hongbin ma commented on KYLIN-1664:
-----------------------------------
I agree with you. Ideally we should keep all the APIs under authentication
protection. Just need to go through all the CLI tools using these REST APIs.
They need refactored to accept authentication inputs. Will you consider
contributing?
> rest api '/kylin/api/admin/config' without security check
> ---------------------------------------------------------
>
> Key: KYLIN-1664
> URL: https://issues.apache.org/jira/browse/KYLIN-1664
> Project: Kylin
> Issue Type: Bug
> Components: REST Service
> Affects Versions: v1.5.1
> Environment: Ubuntu 14.4
> Jdk 1.7.0
> Kylin 1.5.1 binary
> Reporter: Hanhui LI
> Assignee: hongbin ma
> Labels: test
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> rest api '/kylin/api/admin/config' without security check.
> Please check the follwoing:
> ===========================================
> GET Request:
> http://127.0.0.1:7070/kylin/api/admin/config
> Response:
> {"config":"kylin.hbase.region.cut.large=50\nkylin.hbase.default.compression.codec=snappy\ndeploy.env=QA\nacl.adminRole=ROLE_ADMIN\nkylin.sandbox=true\nkylin.hdfs.working.dir=/kylin\nldap.user.searchBase=\nkylin.job.concurrent.max.limit=10\nkylin.job.remote.cli.password=\nsaml.metadata.file=classpath:sso_metadata.xml\nkylin.job.yarn.app.rest.check.interval.seconds=10\nmail.sender=\nmail.password=\nkylin.job.remote.cli.username=\nmail.username=\nsaml.context.serverPort=443\nkylin.web.help.length=4\nkylin.job.run.as.remote.cmd=false\nldap.service.searchPattern=\nkylin.web.contact_mail=\nldap.user.groupSearchBase=\nkylin.hbase.region.cut.small=5\nkylin.web.hive.limit=20\nkylin.job.mapreduce.default.reduce.input.mb=500\nkylin.job.hive.database.for.intermediatetable=default\nkylin.metadata.url=kylin_metadata@hbase\nldap.password=\nldap.username=\nkylin.storage.url=hbase\nganglia.port=8664\nldap.user.searchPattern=\nkylin.job.status.with.kerberos=false\nganglia.group=\nkylin.hbase.cluster.fs=\nacl.defaultRole=ROLE_ANALYST,ROLE_MODELER\nsaml.context.contextPath=/kylin\nmail.host=\nkylin.job.remote.cli.working.dir=/tmp/kylin\nkylin.web.diagnostic=\nsaml.context.scheme=https\nkylin.job.cubing.inmem.sampling.percent=100\nldap.service.groupSearchBase=\nsaml.metadata.entityBaseURL=https://hostname/kylin\nkylin.hbase.hfile.size.gb=5\nldap.service.searchBase=\[email protected]\nmail.enabled=false\nkylin.rest.servers=localhost:7070\nkylin.security.profile=testing\nkylin.job.retry=0\nsaml.context.serverName=hostname\nldap.server=ldap://ldap_server:389\nkylin.job.remote.cli.hostname=\nkylin.query.security.enabled=true\nkylin.server.mode=all\nkylin.web.help.3=onboard|Cube
> Design Tutorial|\nkylin.web.help.2=tableau|Tableau
> Guide|\nkylin.web.help.1=odbc|ODBC
> Driver|\nkylin.hbase.region.cut.medium=10\nkylin.web.help.0=start|Getting
> Started|\nkylin.web.hadoop=\nkylin.web.streaming.guide=http://kylin.apache.org/\n"}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
