[jira] [Assigned] (DISPATCH-303) Block all remote access to the "console" entity

Ted Ross (JIRA) Mon, 02 May 2016 12:21:58 -0700

     [ 
https://issues.apache.org/jira/browse/DISPATCH-303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ted Ross reassigned DISPATCH-303:
---------------------------------

    Assignee: Ted Ross

> Block all remote access to the "console" entity
> -----------------------------------------------
>
>                 Key: DISPATCH-303
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-303
>             Project: Qpid Dispatch
>          Issue Type: Improvement
>          Components: Container
>            Reporter: Ted Ross
>            Assignee: Ted Ross
>             Fix For: 0.6
>
>
> The "console" entity allows Dispatch to launch a helper application to proxy 
> websockets for management.  This should be a configuration-only entity.  
> Providing any kind of remote access (read or write) constitutes a security 
> vulnerability.
> Access to this entity from the management protocol should be blocked.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Assigned] (DISPATCH-303) Block all remote access to the "console" entity

Reply via email to