Re: About the security issues that mqtt-server is turned on by default

Hi Off by default seem the safe option to me. Thanks, Justin

Re: About the security issues that mqtt-server is turned on by default

Hi, Does anyone have a better suggestion? So far, more it is off by default, if no more comments, I will reopen [1], and write to guide the user how to open a document of this feature [1] https://github.com/apache/incubator-iotdb/pull/1033 Thanks --- Dawei Liu On 04/13/2020

Re: About the security issues that mqtt-server is turned on by default

Hi Chris, Thanks for your sharing! +1 for disabling these services by default. At the same time, we need to add clear instruction to let users enable these services easily. Thanks, -- Jialin Qiao School of Software, Tsinghua University 乔嘉林 清华大学 软件学院 > -原始邮件- > 发件人: "Christofer Dutz"

Re: 回复: About the security issues that mqtt-server is turned on by default

Hi all, I would strongly suggest not to turn on services like MQTT and HTTP per default. The reason is that people will hold the project accountable for potential security issues that might come up. For example in the Apache Flex project we had a sub-project called BlazeDS. This is a

回复: About the security issues that mqtt-server is turned on by default

If force user to modify the default username and password when user frist login in. And ensure login in process and change password process have no security problem. I think that it is ok. 发件人: Dawei Liu 发送时间: 2020年4月13日 7:02 收件人: dev@iotdb.apache.org 主题: Re:

Re: About the security issues that mqtt-server is turned on by default

Hi, I read the discussion and it really hard to decide... If we open the MQTT port by default, should we open the HTTP service in the future? Thanks, -- Jialin Qiao School of Software, Tsinghua University 乔嘉林 清华大学 软件学院 > -原始邮件- > 发件人: "伍 雄" > 发送时间: 2020-04-13 14:15:26 (星期一) > 收件人:

Re: About the security issues that mqtt-server is turned on by default

Hi, Yes, two issues to discuss 1. Whether to turn it on by default 2. Is it safe enough to provide only the security policy of username and password Thanks --- Dawei Liu On 04/13/2020 14:15，伍 雄 wrote： I think mqtt-server shouled be shutdown by default. As I think It's hard to guarantee

回复: About the security issues that mqtt-server is turned on by default

I think mqtt-server shouled be shutdown by default. As I think It's hard to guarantee that there are no security issues in the future. Usually user installed iotDB, most of user defalut configuration, if mqtt-server have security issues in the future,it will be affecting many devices if

About the security issues that mqtt-server is turned on by default

Hi, Xiangdong and I had an interesting discussion on github[1]. We reached an agreement that mqtt-server would be turned on by default for the user. But I think the security details still need to be discussed. Can anyone provide some advice on security? [1]