Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[minor] Replace 'SIMPLE' auth with 'simple' auth everywhere in documents #2331

Closed
wants to merge 1 commit into from

Conversation

@VipinRathor
Copy link
Contributor

VipinRathor commented May 10, 2017

What is this PR for?

This PR fixes a security hole in documentation when 'SIMPLE' authentication mechanism is defined in Shiro configuration (http://zeppelin.apache.org/docs/0.8.0-SNAPSHOT/security/shiroauthentication.html). With that, user can log in without entering his/her password. Zeppelin documentation should recommend the correct value which is 'simple'.

What type of PR is it?

Documentation

What is the Jira issue?

N/A

Questions:

  • Does the licenses files need update? no
  • Is there breaking changes for older versions? no
  • Does this needs documentation? yes
Copy link
Member

felixcheung left a comment

LGTM it's good for example/documentation but we should fix it to lower case always just to be safe?

@VipinRathor

This comment has been minimized.

Copy link
Contributor Author

VipinRathor commented May 11, 2017

Thanks @felixcheung for spending time on this and approving.

but we should fix it to lower case always just to be safe?

As per Shiro doc and JNDI LDAP doc, the acceptable values are 'none', 'simple', 'SASL' or 'DIGEST-MD5' etc. So converting AuthenticationMechanism value to lower case might not be a good idea.

@Leemoonsoo

This comment has been minimized.

Copy link
Member

Leemoonsoo commented May 14, 2017

LGTM and merge to master and branch-0.7 if no further comment

asfgit pushed a commit that referenced this pull request May 15, 2017
### What is this PR for?
This PR fixes a security hole in documentation when 'SIMPLE' authentication mechanism is defined in Shiro configuration (http://zeppelin.apache.org/docs/0.8.0-SNAPSHOT/security/shiroauthentication.html). With that, user can log in without entering his/her password. Zeppelin documentation should recommend the correct value which is 'simple'.

### What type of PR is it?
Documentation

### What is the Jira issue?
N/A

### Questions:
* Does the licenses files need update? no
* Is there breaking changes for older versions? no
* Does this needs documentation? yes

Author: Vipin Rathor <v.rathor@gmail.com>

Closes #2331 from VipinRathor/fix-SIMPLE-auth-doc and squashes the following commits:

a1f0e48 [Vipin Rathor] [minor] Replace 'SIMPLE' auth with 'simple' auth everywhere in documents

(cherry picked from commit 95980c7)
Signed-off-by: Lee moon soo <moon@apache.org>
@asfgit asfgit closed this in 95980c7 May 15, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.