Default Apache Nifi installation comes without security layer which exposes the development UI. As a result, users can freely access the Nifi project development with knowledge about the hostname and binding Port. You can see two potential security risks:

  • Flow controller attack : full policies to modify the processor on Flow Controller.
  • API attack: external invoked requests to start/stop/delete Nifi components.

Read More

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now