[
https://issues.apache.org/jira/browse/QPID-7380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15409306#comment-15409306
]
ASF subversion and git services commented on QPID-7380:
-------------------------------------------------------
Commit 1755283 from [~godfrer] in branch 'java/trunk'
[ https://svn.apache.org/r1755283 ]
QPID-7380 : Managed Operations returning potentially confidential information
should not be permitted by default on insecure connections
> [Java Broker] Managed Operations returning potentially confidential
> information should not be permitted by default on insecure connections
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-7380
> URL: https://issues.apache.org/jira/browse/QPID-7380
> Project: Qpid
> Issue Type: Improvement
> Reporter: Rob Godfrey
> Fix For: qpid-java-6.1
>
>
> Operations such as getting message content or extracting config or message
> data may contain confidential information. As such one would not normally
> wish these operations to be permitted on insecure (non-TLS) connections. We
> should enhance the meta data for managed operations to allow for declaring
> them "secure", we should then change the REST servlet to prevent the
> operation of "secure" operations on insecure connections. To allow those who
> are aware of the risks, but accept them, we should add an attribute to the
> (Http)Port to allow secure operations to be performed on that port even where
> the connection is insecure.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
