[jira] [Comment Edited] (AIRFLOW-3164) verify certificate of LDAP server

Tue, 27 Nov 2018 12:19:31 -0800 


    [ 
https://issues.apache.org/jira/browse/AIRFLOW-3164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16700923#comment-16700923
 ] 

Maciej BryƄski edited comment on AIRFLOW-3164 at 11/27/18 8:01 PM:
-------------------------------------------------------------------

I know that LDAP without TLS transmits ever users password in plain text over 
the network where it could be sniffed.
But I can have this transfer in my private intranet.
If you want to have this secure - OK. But leave the option.
>From my side I'll be telling stories how bugfix upgrade of Airflow can kill 
>your env.
And this don't bring the trust into Airflow. And maybe you don't "officially" 
use SemVer but from user perspective it looks like SemVer.
(anyway why you want to have 2.0.0 as next version if you're not using SemVer ?)

About FAB 
If we move to FAB then I can use LDAP without TLS ?
Because FAB has option if I want to use TLS for LDAP connection.
https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/manager.py#L190

So this is another point for leaving a choise to user.

PS. I'm pretty sure that currently new UI have plenty of bugs and I don't want 
to be a guinea pig testing it.


was (Author: maver1ck):
I know that LDAP without TLS transmits ever users password in plain text over 
the network where it could be sniffed.
But I can have this transfer in my private intranet.
If you want to have this secure - OK. But leave the option.

About FAB 
If we move to FAB then I can use LDAP without TLS ?
Because FAB has option if I want to use TLS for LDAP connection.
https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/manager.py#L190

So this is another point for leaving a choise to user.

PS. I'm pretty sure that currently new UI have plenty of bugs and I don't want 
to be a guinea pig testing it.

> verify certificate of LDAP server
> ---------------------------------
>
>                 Key: AIRFLOW-3164
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3164
>             Project: Apache Airflow
>          Issue Type: Bug
>            Reporter: Bolke de Bruin
>            Priority: Blocker
>             Fix For: 1.10.1
>
>
> Currently we dont verify the certificate of the Ldap server this can lead to 
> security incidents.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to