[
https://issues.apache.org/jira/browse/NIFI-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15670621#comment-15670621
]
Anders Breindahl edited comment on NIFI-3045 at 11/16/16 2:57 PM:
------------------------------------------------------------------
Attached: simple template listing the process list of the local system.
was (Author: skrewz):
Simple template listing the process list of the local system.
> Usage of -k undermines encrypted configuration
> ----------------------------------------------
>
> Key: NIFI-3045
> URL: https://issues.apache.org/jira/browse/NIFI-3045
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Anders Breindahl
> Attachments: extract-dash-ks-from-process-list.xml
>
>
> Hey,
> When setting up a hardened NiFi installation I ran into this. I hope I'm
> mistaken.
> When running the `encrypt-config.sh` script, one has a
> `nifi.bootstrap.sensitive.key` string configured in `bootstrap.conf`. The
> service startup script makes this be passed from `RunNifi` to`NiFi` by a `-k`
> parameter.
> This however can be retrieved by any user of the interface---which, combined
> with NiFi being able to read from (the
> encrypted-under-`nifi.bootstrap.sensitive.key`) `nifi.properties` file means
> that e.g. the `nifi.security.keystorePasswd` property can be decrypted
> offline.
> Does this have anything to it?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
