[ 
https://issues.apache.org/jira/browse/FLINK-21108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17272950#comment-17272950
 ] 

Xiaoguang Sun commented on FLINK-21108:
---------------------------------------

At this time, anybody who knows the endpoint of a running Flink cluster can 
access it. This makes it easier to be compromised when there is a vulnerability, 
CVE-2020-17518 for example. In addition, people who have access to the web console 
can terminate or even submit new jobs, which essentially makes it possible to run 
arbitrary code in the production environment. In addition, people can introspect 
the configuration of running jobs, which might contain sensitive information as 
well. 

For these reasons, it is kind of important to restrict the Flink console to be only 
available to authenticated users. A reverse proxy is one way of doing it, but we 
probably need to figure out a way to completely hide the real server behind 
such an authentication proxy so malicious users can't bypass the proxy and access 
the Flink console directly. This problem gets worse when users are running 
Flink on Kubernetes: the highly dynamic nature of Kubernetes will make 
hardening the Flink console a tough job because the address of the Kubernetes ingress 
server might change as well. If restricting access to the Flink console is 
something we have to do, we will have to deal with this scenario eventually.

> Flink runtime rest server and history server webmonitor do not require 
> authentication.
> --------------------------------------------------------------------------------------
>
>                 Key: FLINK-21108
>                 URL: https://issues.apache.org/jira/browse/FLINK-21108
>             Project: Flink
>          Issue Type: New Feature
>          Components: Runtime / REST, Runtime / Web Frontend
>            Reporter: Xiaoguang Sun
>            Priority: Major
>              Labels: pull-request-available
>
> Flink runtime rest server and history server webmonitor do not require 
> authentication. In certain scenarios, prohibiting unauthorized access is 
> desired. HTTP basic authentication can be used here.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
