CRIT Server 'unix_http_server' running without any HTTP authentication checking #694

Closed
ngton opened this issue Nov 18, 2015 · 4 comments

ngton commented Nov 18, 2015

This shouldn't be a CRIT level message, it's WARN at most.

As per the documentation:

username
The username required for authentication to this HTTP server.

Default: No username required.

Required: No.

Introduced: 3.0

If username is not a requirement, a CRIT message should not be generated.

@mnaberez
Member

This is logged at the highest level because it's a critical security concern. We allow supervisord to be run without authentication checking for things like local development, but we don't want it run without authentication in any kind of production environment. If you choose to run it that way, you'll still be able to do that, but by design you're going to have to endure this log message. I won't give you a way to turn this off, sorry.

kellytk commented Aug 23, 2016

@mnaberez If only a [unix_http_server] block is configured (meaning no [inet_http_server] block), no outside access to the HTTP server would be allowed. In that scenario, running without HTTP authentication seems reasonable. Would you explain why you disagree?

@mnaberez
Member

See comments attached to #717.

@yixuan178

Due to a security issue, having any password/user in the configuration is also not allowed, but without user/password configuration, it will show the warning message. Any good solution for it?
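
An added example, not part of the thread or of supervisor's own code: a small Python check that reads a supervisord configuration and reports the HTTP server sections that have no authentication configured, which is the condition behind the CRIT message discussed above. The sample configuration is constructed; treating an empty `username` or `password` as unauthenticated and flagging a world-accessible socket mode are assumptions of this example.

```python
import configparser

# Constructed sample configuration (not taken from the issue thread).
SAMPLE_CONF = """
[unix_http_server]
file=/tmp/supervisor.sock
chmod=0777

[inet_http_server]
port=127.0.0.1:9001
username=admin
password=example-placeholder
"""

HTTP_SECTIONS = ("unix_http_server", "inet_http_server")


def audit_http_servers(conf_text):
    """Return (section, finding) tuples for supervisord HTTP server sections."""
    # RawConfigParser avoids interpolating values such as %(here)s.
    parser = configparser.RawConfigParser(
        strict=False, inline_comment_prefixes=(";",)
    )
    parser.read_string(conf_text)
    findings = []
    for section in HTTP_SECTIONS:
        if not parser.has_section(section):
            continue
        username = parser.get(section, "username", fallback="").strip()
        password = parser.get(section, "password", fallback="").strip()
        # Assumption of this example: either value missing means no auth.
        if not username or not password:
            findings.append((section, "no HTTP authentication configured"))
        if section == "unix_http_server":
            # chmod is an octal mode string; the documented default is 0700.
            mode = int(parser.get(section, "chmod", fallback="0700"), 8)
            if mode & 0o007:
                findings.append(
                    (section, "socket mode %04o is accessible to other users" % mode)
                )
    return findings


if __name__ == "__main__":
    for section, finding in audit_http_servers(SAMPLE_CONF):
        print("%s: %s" % (section, finding))
```
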
