You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/03/22 15:56:00 UTC

[jira] [Commented] (DISPATCH-1288) Optionally enforce access policy on connections established by the router

    [ https://issues.apache.org/jira/browse/DISPATCH-1288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16799128#comment-16799128 ] 

ASF subversion and git services commented on DISPATCH-1288:
-----------------------------------------------------------

Commit 60d2e75f1ace295a68a5d3878997e543b2b79cc5 in qpid-dispatch's branch refs/heads/master from Charles E. Rolke
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=60d2e75 ]

DISPATCH-1288: Add policy controls for outbound connector connections

This closes #472


> Optionally enforce access policy on connections established by the router
> -------------------------------------------------------------------------
>
>                 Key: DISPATCH-1288
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1288
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Policy Engine
>    Affects Versions: 1.5.0
>            Reporter: Chuck Rolke
>            Assignee: Chuck Rolke
>            Priority: Major
>
> There are cases where router-initiated connections to external processes (using connectors) need to have enforcement of access policy from the external container.
> That is, when an outbound connection is created by a connector then there is nothing to prevent that external remote container from opening links to any address like, for instance, $management.
> In the normal case policy is applied only to inbound connections. This issue covers the case where policy must be applied to outbound connections.
> Like the normal policy case, the connector policy will be applied to incoming link creation requests initiated by the external container. Outbound link creation requests initiated by the router are exempt from policy restrictions.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org