Issue #9400 has been updated by R.I. Pienaar. Status changed from Accepted to In Topic Branch Pending Merge Branch set to ripienaar/feature/master/9400
Have updated the AES and SSL plugins to secure the :msgtime and :ttl properties in the request. Could potentially have done the PSK one but I think its overall security is so weak that it would be pointless. To really be of value this would be a non backward compatible change, however have added a knob that makes it log only instead of deny old requests ---------------------------------------- Bug #9400: Update security plugins where applicable to secure the TTL header https://projects.puppetlabs.com/issues/9400 Author: R.I. Pienaar Status: In Topic Branch Pending Merge Priority: Normal Assignee: R.I. Pienaar Category: Plugins Target version: 1.3.x Keywords: Branch: ripienaar/feature/master/9400 Affected mCollective version: We've added a TTL header and when possible this header should be protected from tampering. The SSL, AES and possibly the PSK plugins can add this data item and validate it on receipt -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
