Re: OOM by huge header size attack: setResponseHeaderSize won't work

2017-03-23 Thread Andy LoPresto
I’ve moved further discussion of this issue to secur...@nifi.apache.org . Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Mar 23, 2017, at 10:26 AM, Ke Yang (Conan)

OOM by huge header size attack: setResponseHeaderSize won't work

2017-03-23 Thread Ke Yang (Conan)
Folks, We use NiFi which embeds Jetty Server. Our test team found a security bug by intercepting the http request and replacing the header with a huge (say 1GB) text, which sent the response to NCM, which got OOM: 2017-03-07 03:44:03,522 WARN [NiFi Web Server-22]

Re: errors while importing templates of process groups created from templates of other process groups

2017-03-23 Thread Bryan Bende
Ben, Thanks for taking the time to report this and for providing great detail!! I'm going to add the steps you provided to NIFI-3509 because it does seem like it could be related to that. Can you provide the templates that were created from the steps you outlined? Either a gist or attaching

redis / memcached implementation of MapCacheServer

2017-03-23 Thread Sam Preston
Hi, I'm currently using the DistributedMapCacheServer / DistributedMapCacheClientService to perform deduplication and property lookups, but I'd like to use a more standard cache implementation with separate deployment and management options. Is there any work being done on providing a redis /

Re: Admin policies not set by default

2017-03-23 Thread Matt Gilman
There is no option to add users with full privilege. Setting the initial admin identity will give that user access to the UI and permissions to manage users, groups, and policies. Additionally, if the NiFi instance has an existing flow it will grant permissions to the root group. Otherwise, the

Re: How to access Controller Service created in UI into Root processors in NiFi-1.1.1?

2017-03-23 Thread Pierre Villard
Hi, I believe you created your controller service by going into "controller settings" in the main menu. This should not be done this way as controller services created here are only to be used by reporting tasks. To create controller services for processors, you need to create it at Process Group

Re: Admin policies not set by default

2017-03-23 Thread kumar r
Yes i have set Initial Admin Identity before first time itself. Is this a behavior or issue? I doubt that missed anything. On Thu, Mar 23, 2017 at 12:32 PM, Andy LoPresto wrote: > Did you add that user as the Initial Admin Identity in authorizers.xml > before the

Re: Admin policies not set by default

2017-03-23 Thread Andy LoPresto
Did you add that user as the Initial Admin Identity in authorizers.xml before the first time you tried to access the UI? If so, please file a Jira issue, as all default permissions should be applied to that user. Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint:

Admin policies not set by default

2017-03-23 Thread kumar r
Hi, I have configured NiFi-1.1.1 with authentication. When accessing NiFi web UI with admin user, i can't able to do some operations and it shows like "user not allowed to perform this operation". When i go to policies and set policy for admin user, everything works fine. For example, Admin