Ted Ross created DISPATCH-303:
---------------------------------
Summary: Block all remote access to the "console" entity
Key: DISPATCH-303
URL: https://issues.apache.org/jira/browse/DISPATCH-303
Project: Qpid Dispatch
Issue Type: Improvement
Components: Container
Reporter: Ted Ross
Fix For: 0.6
The "console" entity allows Dispatch to launch a helper application to proxy
websockets for management. This should be a configuration-only entity.
Providing any kind of remote access (read or write) constitutes a security
vulnerability.
Access to this entity from the management protocol should be blocked.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
