You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by GitBox <gi...@apache.org> on 2019/10/07 17:09:16 UTC

[GitHub] [qpid-dispatch] bhardesty commented on a change in pull request #582: DISPATCH-1440 - Deprecated passwordFile attribute in sslProfile and m…

bhardesty commented on a change in pull request #582: DISPATCH-1440 - Deprecated passwordFile attribute in sslProfile and m…
URL: https://github.com/apache/qpid-dispatch/pull/582#discussion_r332134469
 
 

 ##########
 File path: docs/books/user-guide/configuration-security.adoc
 ##########
 @@ -133,7 +133,7 @@ For example:
 privateKeyFile: /qdrouterd/ssl_certs/router-key-pwd.pem
 ----
 
-`passwordFile` or `password`:: If the private key is password-protected, you must provide the password by either specifying the absolute path to a file containing the password that unlocks the certificate key, or entering the password directly in the configuration file.
+`passwordFile` or `password`:: If the private key is password-protected, you must provide the password by either specifying the absolute path to a file containing the password that unlocks the certificate key, or entering the password directly in the configuration file. Entering the password directly in the configuration file is unsafe. passwordFile has been deprecated. Use password.
 
 Review comment:
   I know it's not obvious, but this file is an old version that is no longer published as part of the user guide. Instead of one, generic procedure for configuring an sslProfile, it's now included within the procedures for each scenario in which you would use an sslProfile (each of which would probably require a different sslProfile to be configured):
   
   Connecting routers together (i.e. inter-router): https://qpid.apache.org/releases/qpid-dispatch-1.9.0/user-guide/index.html#securing-connections-between-routers-router
   
   Enabling encryption/authentication for incoming "normal" connections: https://qpid.apache.org/releases/qpid-dispatch-1.9.0/user-guide/index.html#enabling-ssl-tls-encryption-router
   
   Connecting securely to an external container with mutual TLS: https://qpid.apache.org/releases/qpid-dispatch-1.9.0/user-guide/index.html#connecting-using-mutual-ssl-tls-authentication-router
   
   Connecting securely to an external container with one-way TLS: https://qpid.apache.org/releases/qpid-dispatch-1.9.0/user-guide/index.html#connecting-using-one-way-ssl-tls-authentication-router
   
   For each of these instances of sslProfile, if appropriate to the scenario at hand, I would add the "password" attribute.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org