Hi Liang I have an idea. ShardingSphere ElasticJob-UI aims to provide a convenient way to manage jobs. The current authentication and authority is too simple to satisfied the security requirements. And some users may have requirements such as LDAP. Could we consider removing the authentications and roles? Let users do the security stuff on their own.
----------------------------------------------- Weijie Wu 吴伟杰 Apache ShardingSphere Committer GitHub@TeslaCN [email protected] <[email protected]> 于2022年2月3日周四 11:35写道: > > Hi team, > > We received serval security issues report in ShardingSphere ElasticJob-UI. > > As you know, The ShardingSphere ElasticJob-UI is for LAN only. We may not > need to care about the security issue here. > The UI is an optional tool, all ShardingSphere committers are > backend background, they are not familiar with frontend. > > Some security teams only care about CVE as their result, but do not care > about the real usage. It really trouble us. > > The team wants to spend time on more meaningful things, so I want to > discuss the necessity of ShardingSphere ElasticJob-UI. It looks like we'd > better to remove it from ShardingSphere ElasticJob, > > What do you think? > > ------------------ > > Sincerely, > Liang Zhang (John) > Apache ShardingSphere
