DataLinkDC
[Optimization][Devops] Dinky Devops FlinkWebUI can access directly And it may cause security issues
Search before asking
- [X] I had searched in the issues and found no similar optimization requirement.
Description
Dinky proxy Flink dashboard, and it can directly access by http://[dinky_host]:[dinky_port]/api/flink/localhost:8082/#/, don't need Dinky auth. Flink dashboard can submit jar,and it can cause security issues.
I wish access Devops FlinkWebUI need Diny auth OR disable FlinkWebUI by setting property file.
Are you willing to submit a PR?
- [ ] Yes I am willing to submit a PR!
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
Hello @HejiaHo, this issue is about web, so I assign it to @Zzm0809. If you have any questions, you can comment and reply.
你好 @HejiaHo, 这个 issue 是关于 web 的,所以我把它分配给了 @Zzm0809。如有任何问题,可以评论回复。
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
目前在 Dinky 内运维中心访问跳转时需要有 dinky 登录后的 token, 否则无法访问
http://[dinky_host]:[dinky_port]/api/flink/localhost:8082/#/ 经测试,通过该方式是可以直接访问的,不需要任何认证。无痕模式或者换个浏览器都可以访问到。
目前在 Dinky 内运维中心访问跳转时需要有 dinky 登录后的 token, 否则无法访问
http://[dinky_host]:[dinky_port]/api/flink/localhost:8082/#/经测试,通过该方式是可以直接访问的,不需要任何认证。无痕模式或者换个浏览器都可以访问到。
1.0.2 has fixd
