[ https://issues.apache.org/jira/browse/NIFI-5209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16507573#comment-16507573 ]
ASF subversion and git services commented on NIFI-5209: ------------------------------------------------------- Commit d02cd4f909c5c58b5606b3636726d872f2a10ce5 in nifi's branch refs/heads/master from [~alopresto] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=d02cd4f ] NIFI-5209 Removed secure hash functionality from ConfigEncryptionTool. Removed relevant unit tests. This closes #2761. Signed-off-by: Kevin Doran <kdo...@apache.org> > Remove toolkit migration without password functionality > ------------------------------------------------------- > > Key: NIFI-5209 > URL: https://issues.apache.org/jira/browse/NIFI-5209 > Project: Apache NiFi > Issue Type: Improvement > Components: Tools and Build > Affects Versions: 1.7.0 > Reporter: Andy LoPresto > Assignee: Andy LoPresto > Priority: Blocker > Labels: hash, key, passwords, revert, security, toolkit > Fix For: 1.7.0 > > > In NIFI-4942, new functionality was added to allow Ambari clients to perform > the encrypted configuration migration without providing the original password > or key by using a secure hash of the original credential to demonstrate > knowledge of that value. The Ambari team found another way on their end to > perform this action, and rather than allow the {{./secure_hash.key}} behavior > to be released and then removed at a later time, complicating our security > posture and potentially creating difficult support cases, it is better to > remove it completely before the 1.7.0 release. > However, it is not as simple as just backing out a few commits, as necessary > refactoring of the tool code also occurred at that time. I will remove this > feature while maintaining the improvements made to the toolkit. -- This message was sent by Atlassian JIRA (v7.6.3#76005)