[GitHub] metron issue #895: METRON-1394:Create Rest endpoint to add the ACL for curre...

2018-02-21 Thread merrimanr
Github user merrimanr commented on the issue:

https://github.com/apache/metron/pull/895
  
+1 by inspection.  Thanks @MohanDV!


---



2018-02-13 Thread MohanDV
Github user MohanDV commented on the issue:

https://github.com/apache/metron/pull/895
  
Addressed review comments to add the required ACL to the current user while 
creating a new topic using the REST endpoint. 


---



2018-02-13 Thread MohanDV
Github user MohanDV commented on the issue:

https://github.com/apache/metron/pull/895
  
I have reopened my earlier pull request 
(https://github.com/apache/metron/pull/891) where I am adding the required 
ACLs while creating the topic, without a separate endpoint. 


---



2018-02-12 Thread simonellistonball
Github user simonellistonball commented on the issue:

https://github.com/apache/metron/pull/895
  
One option here that would make me less grumpy would be to incorporate the 
ACL actions with the topic creation actions, which at least prevents nefarious 
insiders from using this endpoint to give themselves access to arbitrary topics 
they didn't create.


---



2018-02-08 Thread simonellistonball
Github user simonellistonball commented on the issue:

https://github.com/apache/metron/pull/895
  
OK, so we have some authentication, with clear-text passwords, but we don't 
have any authorization on the endpoints, which causes compliance issues with 
things like access change request.


---



2018-02-08 Thread simonellistonball
Github user simonellistonball commented on the issue:

https://github.com/apache/metron/pull/895
  
-1 (non-binding). This is a pen-tester's dream. We currently have no 
authentication around this endpoint, and allowing it to actually set ACLs makes 
it a serious security hole. That may be out of scope in the case of this PR, 
but I wouldn't want this in a release until we had some security.


---



2018-02-08 Thread MohanDV
Github user MohanDV commented on the issue:

https://github.com/apache/metron/pull/895
  
Bump. Can anyone offer a binding +1? I would like to get this in.




---