[jira] [Commented] (STORM-78) Storm UI Needs HTTP Auth

Thu, 09 Jan 2014 08:11:38 -0800 

    [ 
https://issues.apache.org/jira/browse/STORM-78?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13866735#comment-13866735
 ] 

Robert Joseph Evans commented on STORM-78:
------------------------------------------

[~ptgoetz] We at Yahoo have done a lot of work on securing storm and are 
currently running with it in production. This includes some work towards this 
JIRA. We have our own single sign on that we support through an http filter.  I 
have been looking for a good way for us to get back in sync with the community, 
if this is a high priority for you, I would be happy to take some of my weekend 
and upmerge all that we have done to the latest apache.  My biggest concern is 
that it is a lot of code.  I am fine if you want to try and review it all in 
one monster session, but I think I would prefer it if we could file a rollup 
JIRA for security and we can pull our changes onto a branch, and then file 
smaller JIRA to pull back different parts of it to master as they are reviewed. 
 That way people can see and start using security now, but with the stipulation 
that things might change.

> Storm UI Needs HTTP Auth
> ------------------------
>
>                 Key: STORM-78
>                 URL: https://issues.apache.org/jira/browse/STORM-78
>             Project: Apache Storm (Incubating)
>          Issue Type: Improvement
>            Reporter: James Xu
>
> https://github.com/nathanmarz/storm/issues/452
> When we start storm ui, any one can access it by ip / port. It would be good 
> if there is a HTTP Auth for basic security.
> ----------
> Jagaran: We are also implementing Storm for one of our Client.
> We also need to secure HTTP based Storm UI ? Any updates or future road map 
> for implementing this Security ??
> ----------
> Jargaran: I can also contribute to this part in Storm ? let me know the steps
> ----------
> lockwobr: I would also really find the feature useful. when you are in cloud 
> you can't just let this kind of thing hanging in the wind.
> ----------
> tvpavan: @Jagaran Do you have a fork which has this fix ?



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to