[
https://issues.apache.org/jira/browse/NIFI-5209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16507573#comment-16507573
]
ASF subversion and git services commented on NIFI-5209:
-------------------------------------------------------
Commit d02cd4f909c5c58b5606b3636726d872f2a10ce5 in nifi's branch
refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=d02cd4f ]
NIFI-5209 Removed secure hash functionality from ConfigEncryptionTool.
Removed relevant unit tests.
This closes #2761.
Signed-off-by: Kevin Doran <kdo...@apache.org>
> Remove toolkit migration without password functionality
> -------------------------------------------------------
>
> Key: NIFI-5209
> URL: https://issues.apache.org/jira/browse/NIFI-5209
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.7.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Blocker
> Labels: hash, key, passwords, revert, security, toolkit
> Fix For: 1.7.0
>
>
> In NIFI-4942, new functionality was added to allow Ambari clients to perform
> the encrypted configuration migration without providing the original password
> or key by using a secure hash of the original credential to demonstrate
> knowledge of that value. The Ambari team found another way on their end to
> perform this action, and rather than allow the {{./secure_hash.key}} behavior
> to be released and then removed at a later time, complicating our security
> posture and potentially creating difficult support cases, it is better to
> remove it completely before the 1.7.0 release.
> However, it is not as simple as just backing out a few commits, as necessary
> refactoring of the tool code also occurred at that time. I will remove this
> feature while maintaining the improvements made to the toolkit.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
