Hi
Off by default seem the safe option to me.
Thanks,
Justin
Hi,
Does anyone have a better suggestion?
So far, more it is off by default, if no more comments, I will reopen [1],
and write to guide the user how to open a document of this feature
[1] https://github.com/apache/incubator-iotdb/pull/1033
Thanks
---
Dawei Liu
On 04/13/2020
Hi Chris,
Thanks for your sharing! +1 for disabling these services by default.
At the same time, we need to add clear instruction to let users enable these
services easily.
Thanks,
--
Jialin Qiao
School of Software, Tsinghua University
乔嘉林
清华大学 软件学院
> -原始邮件-
> 发件人: "Christofer Dutz"
Hi all,
I would strongly suggest not to turn on services like MQTT and HTTP per
default.
The reason is that people will hold the project accountable for potential
security issues that might come up.
For example in the Apache Flex project we had a sub-project called BlazeDS.
This is a
If force user to modify the default username and password when user frist login
in. And ensure login in process and change password process have no security
problem. I think that it is ok.
发件人: Dawei Liu
发送时间: 2020年4月13日 7:02
收件人: dev@iotdb.apache.org
主题: Re:
Hi,
I read the discussion and it really hard to decide...
If we open the MQTT port by default, should we open the HTTP service in the
future?
Thanks,
--
Jialin Qiao
School of Software, Tsinghua University
乔嘉林
清华大学 软件学院
> -原始邮件-
> 发件人: "伍 雄"
> 发送时间: 2020-04-13 14:15:26 (星期一)
> 收件人:
Hi,
Yes, two issues to discuss
1. Whether to turn it on by default
2. Is it safe enough to provide only the security policy of username and
password
Thanks
---
Dawei Liu
On 04/13/2020 14:15,伍 雄 wrote:
I think mqtt-server shouled be shutdown by default.
As I think It's hard to guarantee
I think mqtt-server shouled be shutdown by default.
As I think It's hard to guarantee that there are no security issues in the
future. Usually user installed iotDB,
most of user defalut configuration, if mqtt-server have security issues in the
future,it will be affecting many devices if
Hi,
Xiangdong and I had an interesting discussion on github[1].
We reached an agreement that mqtt-server would be turned on by default for the
user.
But I think the security details still need to be discussed.
Can anyone provide some advice on security?
[1]