Jakub Scholz created DISPATCH-472:
-------------------------------------
Summary: Default value of authenticatePeer parameter in listener configuration
Key: DISPATCH-472
URL: https://issues.apache.org/jira/browse/DISPATCH-472
Project: Qpid Dispatch
Issue Type: Improvement
Reporter: Jakub Scholz
The authenticatePeer parameter in listener configuration currently has a default
value of "no". I believe this can lead to misunderstandings causing security
issues. Consider a listener configured like this:
{code}
listener {
    role: normal
    host: 0.0.0.0
    port: amqp
    saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
}
{code}
It has SASL authentication configured using a username and password, and at
first glance one might believe that such a listener is configured properly.
However, because the "authenticatePeer: yes" parameter is missing, it is still
possible to connect anonymously without the SASL layer.
I believe it would be much better to have the authenticatePeer parameter set
to yes by default, either all the time or at least when SASL is configured.
Please have a look at the related discussion from the mailing list:
http://qpid.2158936.n2.nabble.com/Dispatch-Default-value-of-authenticatePeer-td7648676.html
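
Added example (not part of the original issue or of the Qpid Dispatch code base): a configuration check that flags listeners which, per the issue above, accept anonymous connections because authenticatePeer is absent or not "yes". The section syntax is taken from the listener quoted in the issue; the function names, the '#' comment handling and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample in the listener syntax quoted in the issue.
SAMPLE_CONF = """\
listener {
    role: normal
    host: 0.0.0.0
    port: amqp
    saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
}
listener {
    host: 0.0.0.0
    port: 5671
    saslMechanisms: PLAIN
    authenticatePeer: yes
}
"""

SECTION_RE = re.compile(r"^\s*([\w-]+)\s*\{([^}]*)\}", re.MULTILINE)


def parse_sections(text):
    """Yield (section_name, attributes) for each 'name { key: value }' block."""
    text = re.sub(r"#.*", "", text)  # drop comments (assumed '#' style)
    for name, body in SECTION_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip()] = value.strip()
        yield name, attrs


def find_unauthenticated_listeners(text):
    """Return (host, port, sasl_configured) for listeners not enforcing auth."""
    findings = []
    for name, attrs in parse_sections(text):
        if name != "listener":
            continue
        # Default is "no" per the issue; only "yes" counts as enabled here.
        if attrs.get("authenticatePeer", "no").lower() != "yes":
            # sasl_configured=True is the misleading case the issue describes.
            findings.append((attrs.get("host"), attrs.get("port"),
                             "saslMechanisms" in attrs))
    return findings


if __name__ == "__main__":
    for finding in find_unauthenticated_listeners(SAMPLE_CONF):
        print(finding)
```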