[Bug]: When deploying Milvus, authentication was enabled, but the web UI can still be accessed without a username/password. #40267

zhuwenxing · 2025-02-28T06:41:25Z

Is there an existing issue for this?

I have searched the existing issues

Environment

- Milvus version:master/2.5
- Deployment mode(standalone or cluster):with auth enabled
- MQ type(rocksmq, pulsar or kafka):    
- SDK version(e.g. pymilvus v2.0.0rc2):
- OS(Ubuntu or CentOS): 
- CPU/Memory: 
- GPU: 
- Others:

Current Behavior

When deploying Milvus, authentication was enabled, but the web UI can still be accessed without a username/password.

Expected Behavior

The web UI should have authentication capabilities like Attu

Steps To Reproduce

Milvus Log

No response

Anything else?

No response

yanliang567 · 2025-02-28T07:04:29Z

/assign @jaime0815
/unassign

jaime0815 · 2025-02-28T07:39:53Z

WebUI is intended solely for DevOps or developers, so we do not plan to support username and password functionality.

zhuwenxing · 2025-03-03T03:24:06Z

Completely removing username and password functionality may introduce security and compliance risks. Even if the target users are developers or DevOps, basic security measures should not be overlooked.

xiaofan-luan · 2025-03-03T18:30:44Z

agreed we need a login user/password support, we only need to verify the username/password once when the webUI is up

@jaime0815 please help on it

zhuwenxing added kind/bug Issues or changes related a bug needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 28, 2025

zhuwenxing assigned yanliang567 Feb 28, 2025

zhuwenxing added this to the 2.6.0 milestone Feb 28, 2025

dosubot bot added area/deployment any issues that related to deployment severity/major Major, major function doesn't work under some condition. labels Feb 28, 2025

sre-ci-robot assigned jaime0815 and unassigned yanliang567 Feb 28, 2025

yanliang567 added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 28, 2025

yanliang567 mentioned this issue Feb 28, 2025

[Bug]: When deploying Milvus, authentication was enabled, but the web UI can still be accessed without a username/password. #40266

Closed

1 task

jaime0815 removed the kind/bug Issues or changes related a bug label Feb 28, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: When deploying Milvus, authentication was enabled, but the web UI can still be accessed without a username/password. #40267

[Bug]: When deploying Milvus, authentication was enabled, but the web UI can still be accessed without a username/password. #40267

zhuwenxing commented Feb 28, 2025

yanliang567 commented Feb 28, 2025

jaime0815 commented Feb 28, 2025

zhuwenxing commented Mar 3, 2025

xiaofan-luan commented Mar 3, 2025

[Bug]: When deploying Milvus, authentication was enabled, but the web UI can still be accessed without a username/password. #40267

[Bug]: When deploying Milvus, authentication was enabled, but the web UI can still be accessed without a username/password. #40267

Comments

zhuwenxing commented Feb 28, 2025

Is there an existing issue for this?

Environment

Current Behavior

Expected Behavior

Steps To Reproduce

Milvus Log

Anything else?

yanliang567 commented Feb 28, 2025

jaime0815 commented Feb 28, 2025

zhuwenxing commented Mar 3, 2025

xiaofan-luan commented Mar 3, 2025