[jira] [Comment Edited] (NIFI-7786) Bring back Trusted Hostname property from InvokeHTTP processor

Tue, 01 Nov 2022 20:17:07 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-7786?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17627440#comment-17627440
 ] 

Liu Zheng edited comment on NIFI-7786 at 11/2/22 3:16 AM:
----------------------------------------------------------

To get around hostname is invalid, I had to manually extend a new InvokeHttp 
from the NAR level.
I definitely know it's an untrusted certificate and doesn't respect subject 
alternative name matching, like frequent IP address switching, just for testing.
At the same time, this security measure is too strict, especially the subject 
alternative name.
I can't rectify the whole system key for one tiny feature. This is not 
realistic.
I have always felt that security risk is an issue that needs to be considered, 
but please leave the choice to the user, not the tool itself, the two do not 
conflict.


was (Author: deathknight0718):
To get around hostname is invalid, I had to manually extend a new InvokeHttp 
from the NAR level.
I definitely know it's an untrusted certificate and doesn't follow subject 
alternative name matching, but it's just a test of the ip address.
At the same time, the security measures are incredibly strict, especially for 
the subject alternative name.
I can't rectify the whole system key for one tiny feature. This is not 
realistic.
I've always felt that security risk is something to consider, but please leave 
the choice to the user, not the tool itself.

> Bring back Trusted Hostname property from InvokeHTTP processor
> --------------------------------------------------------------
>
>                 Key: NIFI-7786
>                 URL: https://issues.apache.org/jira/browse/NIFI-7786
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.10.0
>            Reporter: Kun Deng
>            Priority: Major
>
> Removing this option is a mistake.  Just google how many people need this 
> option for various reasons. 
> It is an option so that by using it, people are willing to take the risks. 
>  
> Please bring back this option.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to