Robert Joseph Evans created STORM-3227: ------------------------------------------
Summary: Improve security of credentials push Key: STORM-3227 URL: https://issues.apache.org/jira/browse/STORM-3227 Project: Apache Storm Issue Type: Improvement Components: storm-client, storm-server Reporter: Robert Joseph Evans Assignee: Robert Joseph Evans When pushing credentials to a topology most of the checks we do right now are to verify that the topology is allowing a given user to do the push, but we also need to protect the user from pushing to the wrong topology. This is really only an issue if a user has the push setup on some kind of a cron like job, and the topology is down (which should be rare), but to eliminate any race conditions we should have nimbus either verify that the topology is owned by the same user as the one doing the push, or have an optional user that the client expects the topology to be owned by. -- This message was sent by Atlassian JIRA (v7.6.3#76005)