Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

machine-exec endpoint is not secure

See original GitHub issue

Describe the bug

machine-exec endpoint is not secure https://github.com/eclipse/che-plugin-registry/blob/master/v3/plugins/eclipse/che-machine-exec-plugin/latest/meta.yaml#L17

It means that anyone is able to get access to containers terminal if he knows URL.

It’s needed to make machine-exec endpoint secure as Theia https://github.com/eclipse/che-plugin-registry/blob/master/v3/plugins/eclipse/che-theia/latest/meta.yaml#L21 and check if everything works as expected.

Che version

  • latest
  • nightly
  • other: please specify

Runtime

  • kubernetes (include output of kubectl version)
  • Openshift (include output of oc version)
  • minikube (include output of minikube version and kubectl version)
  • minishift (include output of minishift version and oc version)
  • docker-desktop + K8S (include output of docker version and kubectl version)
  • other: (please specify)

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:1
  • Comments:6 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
l0rdcommented, Jul 23, 2019

@AndrienkoAleksandr @evidolob please add the label in-progress if you start working on this issue.

0reactions
AndrienkoAleksandrcommented, Jul 31, 2019

Will be closed after merge https://github.com/eclipse/che/pull/14061

Read more comments on GitHub >

github_iconTop Results From Across the Web

Chapter 3. Configuring OpenShift Dev Spaces
Operator respects OpenShift cluster wide proxy configuration and no ... che-machine-exec , che-theia-endpoint-runtime-binary , and plug-in sidecar images.
Read more >
IGEL Technology: Next-Gen Edge OS, Endpoint Security
IGEL provides next-gen edge OS endpoint security, optimization, and control solutions for cloud workspaces and virtual desktops.
Read more >
Organization eclipse - Quay.io
Repository Name Last Modified State E eclipse kubernetes‑image‑puller 12/06/2022 normal E eclipse che‑operator Tomorrow at 5:47 AM normal E eclipse che‑java11‑maven 12/16/2021 normal
Read more >
Introduction to Devfile - GitHub Pages
Please note it's not possible to mix id and reference in single plugin ... maven-server port: 3101 attributes: protocol: http secure: 'true' public:...
Read more >
RED HAT CODEREADY WORKSPACES 2.5 - ADMINISTRATION ...
Following deployment scenarios are available: Single-user: The deployment contains no authentication service. Development environments are not secured.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Open terminal with non-patched images on OCP 4 fails

Next page

Some devfiles are not compatible with Hosted Che (che.openshift.io) due to 3 GB quota limitations