David Handermann

Apache NiFi PMC Chair, Senior Software Engineer at Snowflake

San Antonio, Texas, United States


David Handermann is the chair of the Apache NiFi Project Management Committee, with over 20 years of experience in information technology. He works in software engineering, data pipeline development, and open source with Snowflake. Interested in all things related to information security, he has designed, developed, and maintained a number of solutions for authentication, authorization, communications security, and data protection. He maintains a software development blog at exceptionfactory.com.

Area of Expertise

  • Information & Communications Technology

Topics

  • Software Development
  • Data Engineering
  • Information Security

Tech Debt Reduction and Renovation in Apache NiFi 2

Apache NiFi 2 introduced a significant number of foundational upgrades, from Java 8 to Java 21, from AngularJS 1 to Angular 18, and from Jetty 9 to 12, along with a substantial reduction in project source code. With close to one million lines of code, configuration, and documentation changed across more than 2000 issues, NiFi 2 represents a collaborative focus on project modernization. The new version also added support for writing extensions in native Python, expanding opportunities for integration. This presentation reviews the path from initial discussion to general release for NiFi 2, with highlights and implementation strategies from the author of the NiFi 2 release goals. From incremental upgrades and deprecated code deletion to substantial rewrites and migration methods, this presentation covers several approaches to maintaining a large project that supports integrations with streaming, structured, and multimodal data sources.

The Jagged Edge: Streaming End-to-End Encryption with age in Java and Beyond

When TLS is not enough, what options are available for client-side encryption? The age-encryption.org specification presents a modern answer to the problem of file encryption for several common scenarios. With a reference implementation in Go, and a library for Java, the age standard presents a compelling solution for end-to-end file encryption. Apache NiFi has released Processors for encryption and decryption with age, highlighting an example integration approach.

This presentation provides a detailed look at the age standard from the author of the Java implementation. Supporting either password-based or public key exchange strategies, age provides a focused point of extensibility that avoids the pitfalls of algorithm negotiation. Built on authenticated encryption and elliptic curve cryptography, age is not encumbered with historical compatibility concerns. Interoperability is readily achievable with implementations in Go, Java, Python, Rust, and TypeScript, among others.

Insecure By Design: How Not to Build Your Next Data Pipeline

Best practices abound for data pipeline design. Summarizing optimal strategies is helpful, but learning from negative examples provides a unique perspective for improving processing practices. Derived from real-world experiences, this presentation spotlights several pitfalls from production data pipelines, with the goal of helping you avoid the same mistakes. Streaming systems built around idealized inputs and consistent data rates may perform well initially, but what happens when an outsized file hits the pipeline? Structured records enable scalable processing, but what if the format itself allows dangerous operations? Parameterization is a core feature of software interface design, but maximum flexibility in data pipeline design leaves the door open for misconfigured or malicious inputs. Considering known design flaws today empowers practitioners to build more secure pipelines tomorrow. Focusing on Apache NiFi, this presentation covers concepts that apply to many streaming platforms.

Firsthand Analysis of Apache NiFi Vulnerability CVE-2023-34468

Security vulnerabilities are a common reality in software engineering, but the details behind a CVE are often more subtle than a numerical rating.

Following the disclosure of Apache NiFi vulnerability CVE-2023-34468, published reporting highlighted significant concerns related to potential remote code execution. Although upgrading to the latest version remains the recommended solution, a closer evaluation of the vulnerability shows important details glossed over in published analysis.

This presentation reviews the reporting process and subsequent vulnerability research. Walking through the details of the database connection string exploitation and the resulting code changes provides additional background. This vulnerability serves as a case study for considering both the weight of vulnerability scoring and the importance of research to understand the nature of a given problem.

Community Gardening: Lessons from Open Source Interactions

Open source software means different things to different people. Although collaborating across regional and corporate boundaries can be challenging, developing software in open communities has many benefits. Nothing is truly free, but Apache NiFi is one of numerous software projects with broad community interaction. This presentation offers some insights on open source development from an active contributor and member of the Apache NiFi Project Management Committee.

What are the characteristics of a helpful bug report? What makes a good pull request? How does the product handle security vulnerabilities? Project archives provide a rich source of material to answer these questions. After answering many emails, responding to numerous chats, and reviewing hundreds of pull requests, certain general positive qualities are worth highlighting.

Writing quality code is essential, but thoughtful comments, actionable feedback, and clear public communication are also important elements of successful open source projects. This session offers lessons learned from contributing to open source projects, highlighting ways to engage regardless of technical expertise or engineering background.

Advancing Apache NiFi Framework Security

As a flexible system for processing data to and from a variety of services, Apache NiFi provides a powerful set of capabilities. Configuration integrity and access security are essential framework features.

Recent Apache NiFi releases have included a number of security-oriented improvements, ranging from automated HTTPS configuration to externalization of sensitive application properties. This presentation covers the implementation details involved with automatic certificate generation, password-based key derivation, JSON Web Token signing, repository encryption, and sensitive property management using external services.

Through a combination of relevant code samples and capability demonstrations, this presentation describes framework security advances that involve both user interaction and application configuration.

Providing a basic summary of selected cryptographic algorithm differences, along with code changes, will enable participants to understand the impact of various improvements. Walking through new and improved configuration capabilities allows administrators to optimize deployment security. Highlighting key implementation details encourages software developers to review and incorporate applicable security strategies.

Community Over Code NA 2025 Sessionize Event

September 2025 Minneapolis, Minnesota, United States

Community Over Code NA 2024 Sessionize Event

October 2024 Denver, Colorado, United States

Current 2023: The Next Generation of Kafka Summit Sessionize Event

September 2023 San Jose, California, United States

Current 2022: The Next Generation of Kafka Summit Sessionize Event

October 2022 Austin, Texas, United States
