[
https://issues.apache.org/jira/browse/NIFI-8220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Witt resolved NIFI-8220.
----------------------------
Resolution: Fixed
> Establish a secure by default configuration for NiFi
> ----------------------------------------------------
>
> Key: NIFI-8220
> URL: https://issues.apache.org/jira/browse/NIFI-8220
> Project: Apache NiFi
> Issue Type: Epic
> Components: Tools and Build
> Reporter: Joe Witt
> Assignee: Joe Witt
> Priority: Blocker
> Fix For: 1.14.0
>
>
> Inspired by this tweet
> https://twitter.com/_escctrl_/status/1359280656174510081?s=21 and the
> resulting discussion here
> https://lists.apache.org/thread.html/rc590f21807192a0dce18293c2d5b47392a6fd8a1ef26d77fbd6ee695%40%3Cdev.nifi.apache.org%3E
> It is time to change our config model. It was also set up to be easy to use.
> We've seen these silly setups on the Internet before but it has gotten
> ridiculous. We need to take action.
> Will create a set of one or more JIRAs to roughly do the following.
> 1. Disable HTTP by default. If a user wants to enable it for whatever
> reason then also make them enable a new property which says something to the
> effect of 'allow completely non secure access to the entire nifi instance -
> not recommended'
> 2. Enable HTTPS with one way authentication by default which would be the
> client authenticating the server whereby the server has a server cert. We
> could either make that cert a self-signed (and thus not trusted by clients
> by default) cert or give a way for the user to run through a command line
> process to make a legit cert.
> 3. If not already configured with an authorization provider supply an out of
> the box provider which supports only a single auto generated at first startup
> user/password enabling access to the NiFi system.
> 4. Disable all restricted processors by default. Require the user to
> explicitly enable them.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
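
An added example, not part of the Jira message or of NiFi's code: a small audit of a `nifi.properties` file against items 1 and 2 of the epic (plain HTTP off, HTTPS on with a server keystore). It assumes the standard `nifi.web.http.*`, `nifi.web.https.*` and `nifi.security.keystore` keys; both sample files are constructed, and the opt-in property proposed in item 1 is not checked because the message does not name it.

```python
# Added example: flag NiFi web settings that conflict with the epic's
# "HTTP off, HTTPS on" defaults. Sample inputs below are constructed.
SAMPLE_INSECURE = """\
# constructed sample: plain HTTP listener, no HTTPS
nifi.web.http.host=
nifi.web.http.port=8080
nifi.web.https.host=
nifi.web.https.port=
nifi.security.keystore=
"""
SAMPLE_SECURE = """\
# constructed sample: HTTPS only, server keystore configured
nifi.web.http.host=
nifi.web.http.port=
nifi.web.https.host=127.0.0.1
nifi.web.https.port=8443
nifi.security.keystore=./conf/keystore.p12
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    p = parse_properties(text)
    findings = []
    http_port = p.get("nifi.web.http.port", "")
    if http_port:
        host = p.get("nifi.web.http.host", "") or "no bind host set"
        findings.append(f"HTTP-ENABLED: plain HTTP listener on port {http_port} ({host})")
    if not p.get("nifi.web.https.port", ""):
        findings.append("HTTPS-DISABLED: nifi.web.https.port is not set")
    elif not p.get("nifi.security.keystore", ""):
        findings.append("NO-KEYSTORE: HTTPS port set but nifi.security.keystore is empty")
    return findings

if __name__ == "__main__":
    for name, sample in (("insecure", SAMPLE_INSECURE), ("secure", SAMPLE_SECURE)):
        print(name, audit(sample) or "ok")
```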