[ 
https://issues.apache.org/jira/browse/NIFI-8220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287405#comment-17287405
 ] 

Joey Frazee commented on NIFI-8220:
-----------------------------------

I don't have anything to show for it, but prior to this I started looking 
around at tools for what would ostensibly be a deployment linter -- even if 
more secure by default happens, I was thinking about how to identify when a 
best practice was ignored or overridden. 

Is this in the domain of the toolkit? Would a documentation walkthrough 
using existing server admin tools be more sensible?

> Establish a secure by default configuration for NiFi
> ----------------------------------------------------
>
>                 Key: NIFI-8220
>                 URL: https://issues.apache.org/jira/browse/NIFI-8220
>             Project: Apache NiFi
>          Issue Type: Epic
>          Components: Tools and Build
>            Reporter: Joe Witt
>            Assignee: Joe Witt
>            Priority: Blocker
>             Fix For: 1.14.0
>
>
> Inspired by this tweet 
> https://twitter.com/_escctrl_/status/1359280656174510081?s=21 and the 
> resulting discussion here 
> https://lists.apache.org/thread.html/rc590f21807192a0dce18293c2d5b47392a6fd8a1ef26d77fbd6ee695%40%3Cdev.nifi.apache.org%3E
> It is time to change our config model.  It was also set up to be easy to use.  
> We've seen these silly setups on the Internet before but it has gotten 
> ridiculous.  We need to take action.
> Will create a set of one or more JIRAs to roughly do the following.
> 1.  Disable HTTP by default.  If a user wants to enable it for whatever 
> reason then also make them enable a new property which says something to the 
> effect of 'allow completely non secure access to the entire nifi instance - 
> not recommended'
> 2. Enable HTTPS with one way authentication by default which would be the 
> client authenticating the server whereby the server has a server cert.  We 
> could either make that cert a self-signed (and thus not trusted by clients 
> by default) cert or give a way for the user to run through command line 
> process to make a legit cert. 
> 3. If not already configured with an authorization provider, supply an out of 
> the box provider which supports only a single auto generated at first startup 
> user/password enabling access to the NiFi system.
> 4. Disable all restricted processors by default.  Require the user to 
> explicitly enable them.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
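
A small sketch of the deployment-linter idea raised in the comment above, added here as an example (not code from the NiFi project or from either participant): it parses a nifi.properties file and flags settings that contradict items 1 and 2 of the issue. The property keys are the ones nifi.properties uses for the web listeners and keystore; the function names, finding IDs and sample configurations are constructed for illustration.

```python
"""Added example: lint nifi.properties against items 1 and 2 of the issue."""

def parse_properties(text):
    # Simplified Java-properties parser: key=value lines only, no continuations.
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_nifi_properties(text):
    """Return (finding_id, message) tuples; finding IDs are hypothetical."""
    p = parse_properties(text)
    findings = []
    if p.get("nifi.web.http.port"):  # item 1: plain HTTP listener enabled
        findings.append(("HTTP_ENABLED", "nifi.web.http.port is set; UI and API are served without TLS"))
        if p.get("nifi.web.http.host", "") in ("", "0.0.0.0"):
            findings.append(("HTTP_ALL_INTERFACES", "nifi.web.http.host does not restrict the listener to one address"))
    if not p.get("nifi.web.https.port"):  # item 2: HTTPS expected by default
        findings.append(("HTTPS_DISABLED", "nifi.web.https.port is empty"))
    else:
        for key in ("nifi.security.keystore", "nifi.security.keystorePasswd"):
            if not p.get(key):
                findings.append(("TLS_INCOMPLETE", f"{key} is empty while HTTPS is enabled"))
    return findings

# Constructed sample configurations (not taken from any real deployment).
INSECURE_SAMPLE = """\
# plain HTTP on every interface, no HTTPS
nifi.web.http.host=
nifi.web.http.port=8080
nifi.web.https.port=
"""
SECURE_SAMPLE = """\
nifi.web.http.port=
nifi.web.https.host=nifi.example.internal
nifi.web.https.port=8443
nifi.security.keystore=./conf/keystore.p12
nifi.security.keystorePasswd=constructed-placeholder
"""

if __name__ == "__main__":
    for name, sample in (("insecure", INSECURE_SAMPLE), ("secure", SECURE_SAMPLE)):
        for finding_id, message in lint_nifi_properties(sample) or [("OK", "no findings")]:
            print(f"{name}: {finding_id}: {message}")
```

A check like this only reports what the file says; an override applied elsewhere (for example a reverse proxy terminating TLS) still needs review by hand.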
