[
https://issues.apache.org/jira/browse/DISPATCH-1903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17258550#comment-17258550
]
Charles E. Rolke commented on DISPATCH-1903:
--------------------------------------------
This useful feature needs some policy limits to prevent resource exhaustion and
general abuse. Maybe
* Maximum per-file size
* Maximum number of files
Also, the files must be write-only from management. The files obviously must be
read in context when they are used as expected but it would be more secure if
the files as-written were unreadable from another management session.
> Remote upload of certificate files for new TLS configurations
> -------------------------------------------------------------
>
> Key: DISPATCH-1903
> URL: https://issues.apache.org/jira/browse/DISPATCH-1903
> Project: Qpid Dispatch
> Issue Type: New Feature
> Components: Container
> Reporter: Ted Ross
> Assignee: Ted Ross
> Priority: Major
> Fix For: 1.15.0
>
>
> Currently, when using the management protocol to create new SSL-profiles,
> those profiles must access certificate files that are already placed in the
> file system. In other words, in order to create an SSL-profile on a running
> router, files must first be placed on the file system in a location
> accessible by the router. This may be problematic in cases where the router
> is remote from the managing agent, or when containerization limits access to
> the router's underlying file system.
> This new feature allows a managing agent to remotely inject files into a
> running router to be stored in temporary file storage. These files are
> usable in sslProfile management entities (by specifying the files without an
> absolute path). The temporary files are removed from the file system on
> router shutdown.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
