Andrew Stitcher created QPID-4013:
-------------------------------------
Summary: Windows Broker SSL is more difficult to use than
necessary and possibly less secure than possible
Key: QPID-4013
URL: https://issues.apache.org/jira/browse/QPID-4013
Project: Qpid
Issue Type: Improvement
Components: C++ Broker
Affects Versions: 0.16, 0.14, 0.17
Environment: Windows
Reporter: Andrew Stitcher
Assignee: Andrew Stitcher
Priority: Minor
Fix For: 0.17
The current Windows Broker SSL code always uses the LocalMachine certificate
store opened read/write. This has a number of drawbacks:
* Opening read/write means that the broker has to run as administrator to use
the certificates in the store. The broker only reads from the store so this is
actually unnecessary.
* Forcing use of LocalMachine for the certificates means that they are readable
by every user on the machine which might be a security issue. As it would allow
any process on the machine to impersonate the qpid broker.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
