Hi Peter many thanks for your comments. As I am about to leave Alfresco in less than a week I would like to pass this question on to Mike Hatfield (cc'd)
Kind regards Peter On 17 May 2013 13:54, Eberlein, Peter <[email protected]> wrote: > Hi Peter, > > I noticed the new session parameter, > kCMISSessionAllowUntrustedSSLCertificate, that you introduced. If set, > server certificate validation is skipped so SSL connections to untrusted > servers can be established. > > I don't think that we should have such a parameter. The world is already > insecure enough without encouraging people to deactivate essential security > settings. If there is a need to accept untrusted server certificates * > temporarily*, like during development, than this can easily be done by > providing a custom authentication provider. This was already possible > before this change, without extending the standard implementation with > insecure code. Or did I miss something? I would feel a lot better if this > whole "feature" was removed again and whoever needs to do such messy things > does them in own code in a custom authentication provider. > > Or is it just me who is overly sensitive here? What does everyone else > think? > > Peter > > > -- Kind regards Peter ----------- *Peter Schmidt* *Alfresco Software Ltd.* *UK: 07748 185496* *Int.: +44 7748 185496* *Skype: pweschmidt*
