[ https://issues.apache.org/jira/browse/DISPATCH-472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Ross updated DISPATCH-472:
------------------------------
Fix Version/s: 1.6.0 (was: Backlog)
> Default value of authenticatePeer parameter in listener configuration
> ---------------------------------------------------------------------
>
> Key: DISPATCH-472
> URL: https://issues.apache.org/jira/browse/DISPATCH-472
> Project: Qpid Dispatch
> Issue Type: Improvement
> Reporter: Jakub Scholz
> Priority: Major
> Fix For: 1.6.0
>
>
> The authenticatePeer parameter in listener configuration currently has the
> default value "no". I believe this can lead to misunderstandings causing
> security issues. Consider a listener configured like this:
> {code}
> listener {
>     role: normal
>     host: 0.0.0.0
>     port: amqp
>     saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
> }
> {code}
> It has SASL authentication configured using username and password, and at
> first look one might believe that such a listener is configured properly.
> However, because of the missing "authenticatePeer: yes" parameter, it is still
> possible to connect anonymously without the SASL layer.
> I believe it would be much better to have the authenticatePeer parameter set
> to yes by default, either all the time or at least when SASL is configured.
> Please have a look at the related discussion from the mailing list:
> http://qpid.2158936.n2.nabble.com/Dispatch-Default-value-of-authenticatePeer-td7648676.html
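The check the issue describes, as an added example (not part of the original message or the Qpid Dispatch code base): a small Python audit that parses `listener { ... }` blocks and reports every listener that does not explicitly set `authenticatePeer: yes`. The sample configuration is constructed from the issue's listener, the parser handles only the simple `key: value` block form shown there, and treating `true` as equivalent to `yes` is an assumption.

```python
import re

# Constructed sample: the first listener is the one from the issue,
# the second adds the explicit authenticatePeer setting.
SAMPLE_CONF = """
listener {
    role: normal
    host: 0.0.0.0
    port: amqp
    saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
}
listener {
    role: normal
    host: 0.0.0.0
    port: 5671
    saslMechanisms: PLAIN
    authenticatePeer: yes
}
"""

SECTION_RE = re.compile(r"^\s*(\w+)\s*\{(.*?)^\s*\}", re.S | re.M)
TRUTHY = {"yes", "true"}  # assumption: spellings counted as "enabled"


def parse_sections(text):
    """Yield (section_name, {attribute: value}) for each `name { ... }` block."""
    for name, body in SECTION_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop trailing comments
            if ":" in line:
                key, value = line.split(":", 1)
                attrs[key.strip()] = value.strip()
        yield name, attrs


def audit_listeners(text):
    """Return (host:port, problem) for listeners that allow unauthenticated peers."""
    findings = []
    for name, attrs in parse_sections(text):
        if name != "listener":
            continue
        # A missing attribute falls back to "no", the default the issue describes.
        if attrs.get("authenticatePeer", "no").lower() in TRUTHY:
            continue
        where = f"{attrs.get('host', '?')}:{attrs.get('port', '?')}"
        sasl = "saslMechanisms set but " if "saslMechanisms" in attrs else ""
        findings.append((where, sasl + "authenticatePeer is not yes"))
    return findings
```

Calling `audit_listeners(SAMPLE_CONF)` reports only the first listener, the one that looks protected by SASL but still accepts anonymous connections.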