If force user to modify the default username and password when user frist login in. And ensure login in process and change password process have no security problem. I think that it is ok. ________________________________ 发件人: Dawei Liu <[email protected]> 发送时间: 2020年4月13日 7:02 收件人: [email protected] <[email protected]> 主题: Re: About the security issues that mqtt-server is turned on by default
Hi, Yes, two issues to discuss 1. Whether to turn it on by default 2. Is it safe enough to provide only the security policy of username and password Thanks --- Dawei Liu On 04/13/2020 14:15,伍 雄<[email protected]> wrote: I think mqtt-server shouled be shutdown by default. As I think It's hard to guarantee that there are no security issues in the future. Usually user installed iotDB, most of user defalut configuration, if mqtt-server have security issues in the future,it will be affecting many devices if turned on by default. We should use the minimum principle to open the port. ________________________________ 发件人: Dawei Liu <[email protected]> 发送时间: 2020年4月13日 3:26 收件人: [email protected] <[email protected]> 主题: About the security issues that mqtt-server is turned on by default Hi, Xiangdong and I had an interesting discussion on github[1]. We reached an agreement that mqtt-server would be turned on by default for the user. But I think the security details still need to be discussed. Can anyone provide some advice on security? [1] https://github.com/apache/incubator-iotdb/pull/1033 Thanks --- Dawei Liu
