[
https://issues.apache.org/jira/browse/DISPATCH-8?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15504736#comment-15504736
]
ASF subversion and git services commented on DISPATCH-8:
--------------------------------------------------------
Commit 6be6e461040808ec9aed75b3213a2f03496a510b in qpid-dispatch's branch
refs/heads/master from [~chug]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=6be6e46 ]
DISPATCH-8: Authenticate message user-id on ingress
Add proxy check enable setting per vhost user group.
Verify proxy is allowed for incoming messages.
Add self tests to demonstrate proxy check rejecting messages or not.
> Message:user-id must be authenticated on ingress
> ------------------------------------------------
>
> Key: DISPATCH-8
> URL: https://issues.apache.org/jira/browse/DISPATCH-8
> Project: Qpid Dispatch
> Issue Type: Bug
> Affects Versions: 0.1
> Reporter: Ted Ross
> Assignee: Chuck Rolke
> Priority: Critical
> Fix For: 0.7.0
>
>
> When a message is received on an ingress link (i.e. from an originating
> endpoint) and the message has a user-id field in its properties, that user-id
> must be authenticated.
> At first, this means that the user-id must be the same as that which was used
> to authenticate the connection.
> There may be other means of authenticating user-ids in the future, but
> Dispatch must not simply pass them on unchecked.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
