[ https://issues.apache.org/jira/browse/STORM-3227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Joseph Evans resolved STORM-3227.
----------------------------------------
    Resolution: Fixed
    Fix Version/s: 2.0.0

> Improve security of credentials push
> ------------------------------------
>
> Key: STORM-3227
> URL: https://issues.apache.org/jira/browse/STORM-3227
> Project: Apache Storm
> Issue Type: Improvement
> Components: storm-client, storm-server
> Reporter: Robert Joseph Evans
> Assignee: Robert Joseph Evans
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> When pushing credentials to a topology most of the checks we do right now are
> to verify that the topology is allowing a given user to do the push, but we
> also need to protect the user from pushing to the wrong topology.
>
> This is really only an issue if a user has the push set up on some kind of a
> cron-like job, and the topology is down (which should be rare), but to
> eliminate any race conditions we should have nimbus either verify that the
> topology is owned by the same user as the one doing the push, or have an
> optional user that the client expects the topology to be owned by.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
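
A minimal model of the ownership check the issue asks for, added here as an illustration and not taken from Apache Storm's code. `Topology`, `uploadCredentials`, `expectedOwner` and the user names are hypothetical, and the same-named-topology scenario in `main` is a constructed assumption about how a scheduled push could reach the wrong topology.

```java
import java.util.*;
// Added model of the check described in STORM-3227; not Apache Storm code.
// Topology, uploadCredentials and expectedOwner are hypothetical names.
public class CredentialPushCheck {
    static final class Topology {
        final String owner;
        final Set<String> allowedPushers; // users this topology lets push credentials
        Topology(String owner, String... allowedPushers) {
            this.owner = owner;
            this.allowedPushers = new HashSet<>(Arrays.asList(allowedPushers));
        }
    }
    static final Map<String, Topology> running = new HashMap<>();

    // expectedOwner == null means "the topology must be owned by the pusher".
    static void uploadCredentials(String name, String pusher, String expectedOwner) {
        Topology topo = running.get(name);
        if (topo == null) throw new NoSuchElementException(name + " is not running");
        // Check done today: does the topology allow this user to push?
        if (!topo.owner.equals(pusher) && !topo.allowedPushers.contains(pusher)) {
            throw new SecurityException(pusher + " may not push to " + name);
        }
        // Check proposed in the issue: is this the topology the user meant?
        String wanted = (expectedOwner != null) ? expectedOwner : pusher;
        if (!topo.owner.equals(wanted)) {
            throw new SecurityException(name + " is owned by " + topo.owner
                    + ", expected " + wanted + "; credentials not delivered");
        }
        System.out.println("credentials from " + pusher + " delivered to " + name);
    }

    public static void main(String[] args) {
        // Constructed scenario: alice's scheduled job pushes to "wordcount" by name.
        running.put("wordcount", new Topology("alice"));
        uploadCredentials("wordcount", "alice", null); // delivered
        // Assumed race: alice's topology is down and a same-named topology owned
        // by bob, which lists alice as an allowed pusher, is running instead.
        running.put("wordcount", new Topology("bob", "alice"));
        try {
            uploadCredentials("wordcount", "alice", null);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // A service account pushing for alice states the owner it expects.
        running.put("wordcount", new Topology("alice", "svc-push"));
        uploadCredentials("wordcount", "svc-push", "alice"); // delivered
    }
}
```

The second call passes the topology-side permission check and is stopped only by the owner comparison, which is the gap between the two checks the issue describes.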