Mohanad Elsafty created HDDS-7307:
-------------------------------------
Summary: sensitive info is exposed via s3 gateway
Key: HDDS-7307
URL: https://issues.apache.org/jira/browse/HDDS-7307
Project: Apache Ozone
Issue Type: Bug
Components: S3
Reporter: Mohanad Elsafty
There is sensitive info exposed via the public S3 gateway. I am exposing S3 to the
world in order for my clients to be able to access it. The only issue there is that
sensitive info is exposed to the world as well,
like /static, /static/index.html, /conf, /prom, /logs ...
I am depending on the AWS key/secret for S3 gateway authentication. I know there is
a way to protect these URLs when using Kerberos, but what is the case if I am
not using Kerberos?
At the moment I am thinking about blocking access to these URLs using a
Filter, but this will also block my Prometheus monitoring.
I also thought about creating a new Filter that checks for the AWS key/secret to
protect these URLs, and sending a valid key/secret from my internal Prometheus in
order to read the data.
Another idea that came to my mind: block access to these URLs, then start
another server (on a different port) which is not exposed to the world. But again,
this will not provide real data in /prom (the data collected will belong to the
new server).
Can anyone suggest better ideas for this issue?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
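The first idea in the report, a servlet Filter in front of the non-S3 endpoints, can be written so that it does not cut off an internal Prometheus: deny the listed paths to everyone except source addresses in an internal network. The following is an added example written for this page, not code from Apache Ozone or from the reporter. It assumes the javax.servlet API that Hadoop-style HTTP servers expose; the path list is the one from the report, the internal CIDRs are made up, and how the filter gets registered with the gateway's servlet container is not shown because that depends on the deployment.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter (not part of Apache Ozone): hides the gateway's admin
 * endpoints from the public Internet while leaving them reachable from an
 * internal network, so that an internal Prometheus can still scrape /prom.
 */
public class AdminEndpointFilter implements Filter {

  /** Path prefixes to protect; this list is taken from the issue description. */
  static final List<String> PROTECTED_PREFIXES =
      Arrays.asList("/static", "/conf", "/prom", "/logs");

  /** Internal networks allowed to reach the protected paths (assumed values). */
  static final List<String> INTERNAL_CIDRS =
      Arrays.asList("10.0.0.0/8", "127.0.0.0/8");

  /** True if the (normalized) request path is one of the protected endpoints. */
  static boolean isProtectedPath(String rawUri) {
    String path;
    try {
      // Collapse "/./", "/../" and repeated slashes so "/static/../conf" still matches.
      path = URI.create(rawUri).normalize().getPath();
    } catch (IllegalArgumentException e) {
      return true; // unparsable URI: fail closed
    }
    if (path == null) {
      return true;
    }
    for (String p : PROTECTED_PREFIXES) {
      if (path.equals(p) || path.startsWith(p + "/")) {
        return true;
      }
    }
    return false;
  }

  /** IPv4-only CIDR match; IPv6 and unparsable addresses count as external. */
  static boolean isInternal(String remoteAddr) {
    byte[] addr;
    try {
      addr = InetAddress.getByName(remoteAddr).getAddress(); // literal IP, no DNS
    } catch (UnknownHostException e) {
      return false;
    }
    if (addr.length != 4) {
      return false;
    }
    long ip = toLong(addr);
    for (String cidr : INTERNAL_CIDRS) {
      String[] parts = cidr.split("/");
      try {
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        int bits = Integer.parseInt(parts[1]);
        if (net.length != 4 || bits < 0 || bits > 32) {
          continue;
        }
        long mask = bits == 0 ? 0 : (0xFFFFFFFFL << (32 - bits)) & 0xFFFFFFFFL;
        if ((ip & mask) == (toLong(net) & mask)) {
          return true;
        }
      } catch (UnknownHostException | NumberFormatException e) {
        // malformed allow-list entry: ignore it rather than widen access
      }
    }
    return false;
  }

  private static long toLong(byte[] b) {
    return ((b[0] & 0xFFL) << 24) | ((b[1] & 0xFFL) << 16)
        | ((b[2] & 0xFFL) << 8) | (b[3] & 0xFFL);
  }

  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;
    // Decide on the TCP peer address only; X-Forwarded-For is client-controlled.
    if (isProtectedPath(req.getRequestURI()) && !isInternal(req.getRemoteAddr())) {
      resp.sendError(HttpServletResponse.SC_NOT_FOUND); // 404 also hides the endpoint
      return;
    }
    chain.doFilter(request, response);
  }

  @Override
  public void init(FilterConfig filterConfig) {
  }

  @Override
  public void destroy() {
  }
}
```

Two caveats apply before relying on this. The source-address check is only meaningful when the gateway sees the real client address; behind a reverse proxy, load balancer or NAT every request arrives from the proxy, and trusting a forwarded header there lets an external client spoof an internal origin, so in that topology one of the report's other options (a shared secret checked by the filter, or a separate unexposed listener) is needed instead. The prefix list should also be reviewed against the full set of servlets the gateway actually registers, since anything not listed stays reachable.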