[ https://issues.apache.org/jira/browse/NIFI-2339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15394395#comment-15394395 ]

Joseph Witt commented on NIFI-2339:
-----------------------------------

[~mcgilman] Matt, I don't know if this is all you had in mind but I did a fairly 
thorough review through the codebase searching through the 
- DTOs
- DAOs
- Things which created exceptions like IllegalArg/State, NPE, CoreNiFiException
- Things which use getName, getType, etc..

And all the uses of internal details which could be authorization leakage in 
nature for exceptions all seemed quite good (using identifiers only).  So just 
these few tweaks seemed to be all that is needed.

If you could take a look that would be great.

> Component details need to be removed from all error messages
> ------------------------------------------------------------
>
>                 Key: NIFI-2339
>                 URL: https://issues.apache.org/jira/browse/NIFI-2339
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>            Reporter: Matt Gilman
>            Assignee: Joseph Witt
>            Priority: Blocker
>             Fix For: 1.0.0
>
>
> Error and informative messages often contain component details which need to 
> be scrubbed when the user is not authorized for reading that component.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
