Re-upping conversation from Netflix/conductor#3052. In the old Netflix repo, the README had "Authentication: We recommend that authentication & authorization be de-coupled from the UI and handled at the web server/access gateway." but this doesn't exist in this repo.
As I begin to evaluate Conductor, it still seems true that there is simply no authentication or authorization in any part of the (OSS, non-Orkes) platform, by default. Is that correct? Nothing preventing an inappropriate user on our network from launching a workflow (via API or UI), nothing preventing a pen-tester (for example) from starting a worker process that handles tasks?
Unless we use network controls (like iptables or AWS Security groups) and/or an authorizing reverse proxy.
Again, is this correct?