[
https://issues.apache.org/jira/browse/QPID-4122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Justin Ross updated QPID-4122:
------------------------------
Component/s: C++ Tests
> Remove ANONYMOUS from mechanisms allowed in ACL tests
> -----------------------------------------------------
>
> Key: QPID-4122
> URL: https://issues.apache.org/jira/browse/QPID-4122
> Project: Qpid
> Issue Type: Test
> Components: C++ Tests
> Reporter: Alan Conway
> Assignee: michael goulish
> Priority: Minor
>
> With the anonymous mechanism allowed, it's easy to get a false positive if you
> accidentally fail to set an authentication mechanism at all in a security
> test, since you can always connect with ANONYMOUS. This is especially the
> case where there are multiple elements that need to be authenticated, for
> example a test harness starting an admin tool which talks to a broker, or
> brokers talking to each other in a cluster. It might be safer to remove
> ANONYMOUS and ensure that every element in a security-related test does
> authenticate properly. A quick check shows that removing ANONYMOUS causes
> multiple tests to fail. It is possible that the tests are OK and those
> connections don't need authentication, but it might be clearer to require
> authentication from all players in a security-related test.
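The false positive described in the issue, shown as an added example: a simplified Python model of SASL mechanism selection across several hops. It is not Qpid code and not part of the original message. The hop names, credentials and the `negotiate`, `audit` and `unauthenticated` helpers are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Mechanisms ordered weakest to strongest (assumption for this model only).
STRENGTH = ["ANONYMOUS", "PLAIN", "DIGEST-MD5"]

@dataclass
class Hop:
    name: str                       # which connection in the test topology
    username: Optional[str] = None  # None models "forgot to configure auth"
    password: Optional[str] = None

def negotiate(hop: Hop, offered: List[str]) -> Optional[str]:
    """Return the mechanism the hop ends up using, or None if refused."""
    has_creds = bool(hop.username and hop.password)
    usable = [m for m in offered if m == "ANONYMOUS" or has_creds]
    return max(usable, key=STRENGTH.index) if usable else None

def audit(hops: List[Hop], offered: List[str]) -> Dict[str, Optional[str]]:
    """Map each hop to its negotiated mechanism (None = connection refused)."""
    return {h.name: negotiate(h, offered) for h in hops}

def unauthenticated(result: Dict[str, Optional[str]]) -> List[str]:
    """Hops that never proved an identity: refused or fell back to ANONYMOUS."""
    return sorted(n for n, m in result.items() if m in (None, "ANONYMOUS"))

# Constructed topology: the middle hop was started without credentials.
SAMPLE_HOPS = [
    Hop("harness -> admin tool", "tester", "constructed-secret"),
    Hop("admin tool -> broker"),  # credentials accidentally omitted
    Hop("broker -> broker", "cluster", "constructed-secret"),
]

if __name__ == "__main__":
    for offered in (["ANONYMOUS", "PLAIN"], ["PLAIN"]):
        result = audit(SAMPLE_HOPS, offered)
        # A test that only checks "did everything connect?" passes
        # whenever ANONYMOUS is offered, hiding the misconfigured hop.
        all_connected = all(m is not None for m in result.values())
        print(offered, "all connected:", all_connected,
              "unauthenticated:", unauthenticated(result))
```

With ANONYMOUS offered, every hop connects and a connectivity-only assertion passes. Removing it makes the misconfigured hop fail outright, and asserting on the negotiated mechanism catches the fallback in either configuration.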