Posted to dev@qpid.apache.org by "Ted Ross (JIRA)" <ji...@apache.org> on 2019/03/27 12:33:00 UTC
[jira] [Updated] (DISPATCH-472) Default value of authenticatePeer parameter in listener configuration
[ https://issues.apache.org/jira/browse/DISPATCH-472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Ross updated DISPATCH-472:
------------------------------
Fix Version/s: (was: 1.6.0)
1.7.0
> Default value of authenticatePeer parameter in listener configuration
> ---------------------------------------------------------------------
>
> Key: DISPATCH-472
> URL: https://issues.apache.org/jira/browse/DISPATCH-472
> Project: Qpid Dispatch
> Issue Type: Improvement
> Reporter: Jakub Scholz
> Priority: Major
> Fix For: 1.7.0
>
>
> The authenticatePeer parameter in the listener configuration currently has the default value "no". I believe this can lead to misunderstandings causing security issues. Consider a listener configured like this:
> {code}
> listener {
>     role: normal
>     host: 0.0.0.0
>     port: amqp
>     saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
> }
> {code}
> It has SASL authentication configured using username and password, and at first look one might believe that such a listener is configured properly. However, because of the missing "authenticatePeer: yes" parameter, it is still possible to connect anonymously without the SASL layer.
> I believe it would be much better to have the authenticatePeer parameter set to yes by default, either all the time or at least when SASL is configured.
> Please have a look at the related discussion from the mailing list:
> http://qpid.2158936.n2.nabble.com/Dispatch-Default-value-of-authenticatePeer-td7648676.html
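The misconfiguration described in the issue can be checked for mechanically. The following is an added example, not code from Qpid Dispatch or from the issue: a small Python check that parses listener blocks in the syntax shown above and reports those that still admit anonymous peers. The function names, the second sample listener (port 5671) and the acceptance of "true" as an enabling value are assumptions.

```python
import re

# Per the issue text, authenticatePeer defaults to "no" when omitted.
DEFAULT_AUTHENTICATE_PEER = "no"
# Assumption: only these spellings enable it; the issue itself shows "yes".
ENABLED = {"yes", "true"}
BLOCK_RE = re.compile(r"^\s*(\w+)\s*\{(.*?)^\s*\}", re.S | re.M)


def parse_blocks(text):
    """Return [(entity, {key: value})] for each `name { key: value }` block."""
    blocks = []
    for entity, body in BLOCK_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop trailing comments
            if ":" in line:
                key, value = line.split(":", 1)
                attrs[key.strip()] = value.strip()
        blocks.append((entity, attrs))
    return blocks


def audit_listeners(text):
    """Return (port, saslMechanisms) for listeners that allow anonymous peers."""
    findings = []
    for entity, attrs in parse_blocks(text):
        auth = attrs.get("authenticatePeer", DEFAULT_AUTHENTICATE_PEER).lower()
        if entity == "listener" and auth not in ENABLED:
            findings.append((attrs.get("port", "?"), attrs.get("saslMechanisms", "")))
    return findings


# Constructed sample: the issue's listener, then a hypothetical corrected one.
SAMPLE = """
listener {
    role: normal
    host: 0.0.0.0
    port: amqp
    saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
}
listener {
    port: 5671
    saslMechanisms: PLAIN DIGEST-MD5 CRAM-MD5
    authenticatePeer: yes
}
"""

for port, mechs in audit_listeners(SAMPLE):
    print(f"listener port {port}: anonymous peers allowed (saslMechanisms: {mechs})")
```

A non-empty mechanism list in a finding marks the case the issue warns about: SASL mechanisms are listed, yet the listener does not require authentication.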