Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escaping: Escape characters +-&|!(){}[]^"~*?:\ with \, e.g. \+
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
Hello I Want To Know That Without Any Access To The Webserver Component, Is It Possible To Use Clearml? I’M Asking From A Security Perspective.. Paraphrasing: Can An Intruder With Access To Clearml-Api Do Anything They Want? How Are They Limited? (With

Hello
I want to know that without any access to the webserver component, is it possible to use ClearML?
I’m asking from a security perspective..

Paraphrasing:
Can an intruder with access to clearml-api do anything they want? How are they limited?

(with no Web Login Authentication)

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report
Votes Newest

Answers 31

Awesome info! Thanks!
What env variable should I use?
Also maybe I can block unauthenticated access to that endpoint too, I guess clearml-agent doesn’t use it!

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER

No, this is unrelated

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

Oh well it doesn’t work for me then… I keep getting errors.

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

ah ok. So only solution is changing the hardcoded one…
I will be looking into docs to find the right env variable. If you know it I’d appreciate you telling me 😄 SuccessfulKoala55

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

I might be wrong about the company_id 🙂 - but in case I'm wrong, you'll see it quickly since you won't be able to login with new users to the UI 🙂

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

Huh it works now…!

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

are you sure you're using the latest docker images?

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

No it doesn’t work from entirely new browser too. 😞
As this is a staging instance. let me remove and deploy without these changes.

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

The dashboard doesn’t load

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

SuccessfulKoala55 I’m getting 405 on api calls with the configuration you proposed. (btw I think USER_KEY is right, with a single underscore)

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

It’s probably unrelated 😬 I’ll keep you posted.

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

Oh, sorry! both user_key and user_secret are with a single underscore :)

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

Well, it should appear (if you cleared all cookies)

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

try from a private browsing session

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

webserver deployment:

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

Can you show exactly what you changed in the docker compose?

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

btw - if you didn't login, the UI probably used a previous token. changing the session secret might have messed that up 🙂

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

Thanks a million SuccessfulKoala55 😍

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

no. apparently changing these variables causes something to fail.

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

The login prompt doesn’t appear (I tried removing cookies and all too)

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

Where exactky?

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER
Does this one need to be changed?

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

Sure 🙂

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

yep it was unrelated.. sorry
Thanks for your help

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

Is this after doing a user login in the UI?

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

Well, actually it's used by both ClearML SDK and agent since both start with credentials but generate a token as soon as possible (more secure and faster)

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

image

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

Env vars for the webserver:
USER_KEY: some access key USER_SECRET: some secret key COMPANY_ID: "d1bd92a3b039400cbafc60a7a5b1e52b"
Env vars for the apiserver:
CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER__KEY: same as the above key CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER__SECRET: same as the above secret

  
  
Posted 4 years ago
pic
More
SuccessfulKoala55
0 × 1
Report

I’m using cloud-ready helm chart (with some modifications)
So for api-server deployment:

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report

Ok I think I might have found the problem.

  
  
Posted 4 years ago
pic
More
DisgustedDove53
0 × 1
Report
Show more results replies
Write your answer
116K Views
31 Answers
4 years ago
one year ago
Tags
clearml
Similar posts