qpid-dev mailing list archives

From "Alan Conway (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (QPID-4122) Remove ANONYMOUS from mechanisms allowed in ACL tests
Date Mon, 09 Jul 2012 16:23:34 GMT

     [ https://issues.apache.org/jira/browse/QPID-4122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alan Conway reassigned QPID-4122:
---------------------------------

    Assignee: michael goulish
    
> Remove ANONYMOUS from mechanisms allowed in ACL tests
> -----------------------------------------------------
>
>                 Key: QPID-4122
>                 URL: https://issues.apache.org/jira/browse/QPID-4122
>             Project: Qpid
>          Issue Type: Test
>            Reporter: Alan Conway
>            Assignee: michael goulish
>            Priority: Minor
>
> With the anonymous mechanism allowed it's easy to get a false positive if you accidentally
> fail to set an authentication mechanism at all in a security test, since you can always connect
> with ANONYMOUS. This is especially the case where there are multiple elements that need to
> be authenticated, for example a test harness starting an admin tool which talks to a broker,
> or brokers talking to each other in a cluster. It might be safer to remove ANONYMOUS and ensure
> that every element in a security-related test does authenticate properly. A quick check shows
> that removing ANONYMOUS causes multiple tests to fail. It is possible that the tests are
> OK and those connections don't need authentication, but it might be clearer to require authentication
> from all players in a security-related test.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
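
The false positive described in the issue, as an added example that is not part of the original message or of Qpid's test code. It is a simplified model of mechanism selection; `Broker`, `admin_tool`, `harness` and the credentials are hypothetical names and constructed data.

```python
from dataclasses import dataclass, field

class AuthError(Exception):
    """Raised when the broker rejects a connection."""

@dataclass
class Broker:
    """Toy broker offering a list of SASL mechanisms (constructed data)."""
    mechanisms: tuple
    users: dict = field(default_factory=lambda: {"admin": "s3cret"})

    def connect(self, user=None, password=None):
        """Return the mechanism that admitted the peer, or raise AuthError."""
        if user is not None:
            if "PLAIN" in self.mechanisms and self.users.get(user) == password:
                return "PLAIN"
            raise AuthError("bad credentials")
        if "ANONYMOUS" in self.mechanisms:
            return "ANONYMOUS"  # admitted without any identity check
        raise AuthError("no credentials and ANONYMOUS not offered")

def admin_tool(broker, user=None, password=None):
    """Hypothetical admin tool: connects with whatever it was given."""
    return broker.connect(user, password)

def harness(broker, pass_credentials):
    """Hypothetical test harness. pass_credentials=False models the accident
    of never handing the tool its authentication settings."""
    creds = ("admin", "s3cret") if pass_credentials else (None, None)
    try:
        return True, admin_tool(broker, *creds)
    except AuthError:
        return False, None

def run_matrix():
    """(test passed?, mechanism used) per broker config and harness setup."""
    lax = Broker(mechanisms=("ANONYMOUS", "PLAIN"))
    strict = Broker(mechanisms=("PLAIN",))
    return {
        ("lax", "correct"): harness(lax, True),
        ("lax", "forgot"): harness(lax, False),        # passes: false positive
        ("strict", "correct"): harness(strict, True),
        ("strict", "forgot"): harness(strict, False),  # fails, exposing the gap
    }

if __name__ == "__main__":
    for case, result in run_matrix().items():
        print(case, result)
```

With ANONYMOUS offered, the misconfigured run is indistinguishable from a pass unless the test also checks which mechanism was used.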
