Dear Huxing, Thanks for your info. Just to make sure I understood your information correctly. This means the HTTP/2 will be supported in Dubbo 3.0, as on the official roadmap of the Dubbo 3.0? Or this is still in discussion, and cannot be sure that it is going to be included in the 3.0 roadmap?
Best regards Tien Dat PHAN On 2019/08/03 09:51:08, Huxing Zhang <[email protected]> wrote: > Hi, > > On Fri, Aug 2, 2019 at 8:09 PM [email protected] <[email protected]> > wrote: > > > > Dear Bosco, > > > > Sorry to ask the question in a 1.5 year-old thread. But we see this is the > > most relevant place to put it, as well as we don't want to contaminate the > > server with a new but similar thread. > > > > As we are newbie to Dubbo, we just wonder if the connection of Dubbo is > > secured or not (e.g. with SSL) with the newest release? > > No, it is not. In Dubbo 3.0, there is plan to support HTTP/2, with > that feature you can ensure secured connections. > > > > We did not find the documentation mentioning this. > > > > Best regards > > Tien Dat PHAN > > > > On 2018/02/28 01:18:39, Don Bosco Durai <[email protected]> wrote: > > > For now, it is for my work project. > > > > > > But Apache Ranger also as an API server for distributing policies across > > > the cluster. Ranger would be a good candidate for Dubbo, however Kerberos > > > is a mandatory authentication requirement. > > > > > > Alternatively, Ranger can provide authorization similar what it does for > > > Kafka where there is a high volume of requests. > > > > > > Bosco > > > > > > On 2/26/18, 8:47 PM, "Huxing Zhang" <[email protected]> wrote: > > > > > > Hi, > > > > > > On Tue, Feb 27, 2018 at 11:20 AM, Don Bosco Durai <[email protected]> > > > wrote: > > > > Hi Jun > > > > > > > > Thanks for your response. The token architecture looks good. I am > > > not sure what level of authentication is supported at the Registry level. > > > It would be good if it is a pluggable module so that we can support > > > different authentication schemes. > > > > > > > >> The good news is, the core team are planning to provide support > > > for connection authentication and building secure connection, and i > > > believe this feature along with others will come soon. > > > > This will be really helpful. We are doing a small PoC to see > > > whether it addresses our core requirement. If it does, I am happy to > > > contribute towards the design/implementation of > > > authentication/authorization. > > > > > > Great to hear that! Any form of contributions is welcome! > > > May I ask is it related to Apache Ranger project? Because I see you > > > are one of the Apache Ranger team and we are happy to be connected > > > with any existing Apache project. > > > > > > > > > > > Thanks > > > > > > > > Bosco > > > > > > > > > > > > > > > > On 2/25/18, 6:36 PM, "Jun Liu" <[email protected]> wrote: > > > > > > > > Hi, Bosco > > > > > > > > At present, we do provide some security control strategies, but > > > mainly on > > > > service registration and service discovery level: > > > > > > > > 1. Token Verification. You can check here for details: > > > > > > > http://dubbo.io/books/dubbo-user-book-en/demos/token-authorization.html > > > > 2. The accreditation capacity of the registration center > > > itself. For > > > > example, authentication provided by ZooKeeper. > > > > > > > > > > > > As for the connection level, we haven't provided support for > > > initial > > > > connection authentication, and also do not support secure > > > connections e.g. > > > > SSL. Because for our initial purpose, Dubbo was designed to be > > > used in > > > > organization internally. We made an assumption that the data > > > communication > > > > environment is secure. > > > > > > > > > > > > The good news is, the core team are planning to provide support > > > for > > > > connection authentication and building secure connection, and i > > > believe > > > > this feature along with others will come soon. > > > > > > > > On Mon, Feb 26, 2018 at 10:26 AM, Huxing Zhang > > > <[email protected]> wrote: > > > > > > > > > Hi, > > > > > > > > > > Welcome to Dubbo community! > > > > > > > > > > This is probably the first thread regarding Dubbo development > > > -: > > > > > > > > > > As the mailing list is just established, the core developers > > > are just > > > > > start subscribing. > > > > > > > > > > Replying to this thread so more people could see it. > > > > > > > > > > > > > > > On Sat, Feb 24, 2018 at 5:41 PM, Don Bosco Durai > > > <[email protected]> wrote: > > > > > > Hello Everyone > > > > > > > > > > > > > > > > > > > > > > > > I was looking into Dubbo project and it’s very interesting. > > > Also, it > > > > > meets most of my requirement. > > > > > > > > > > > > > > > > > > > > > > > > I need support for authentication during establishing the > > > initial > > > > > connection. I couldn’t find any reference to it. I went > > > through > > > > > http://dubbo.io/books/dubbo-user-book-en/ and > > > http://dubbo.io/books/dubbo- > > > > > admin-book-en/ > > > > > > > > > > > > > > > > > > > > > > > > Does Dubbo support security? Any pointers is appreciated. > > > > > > > > > > > > > > > > > > > > > > > > Thanks > > > > > > > > > > > > > > > > > > > > > > > > Bosco > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Best Regards! > > > > > Huxing > > > > > > > > > > > > > > > > > > > > > > > -- > > > Best Regards! > > > Huxing > > > > > > > > > > > > > > > > -- > Best Regards! > Huxing >
