qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Ross (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-6364) [Java Broker] Keystore data url must be a secure attribute
Date Tue, 24 Feb 2015 12:02:04 GMT

    [ https://issues.apache.org/jira/browse/QPID-6364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14334814#comment-14334814
] 

Justin Ross commented on QPID-6364:
-----------------------------------

Reviewed by Keith.  Approved for 0.32.

> [Java Broker] Keystore data url must be a secure attribute
> ----------------------------------------------------------
>
>                 Key: QPID-6364
>                 URL: https://issues.apache.org/jira/browse/QPID-6364
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: 0.31
>            Reporter: Alex Rudyy
>            Assignee: Keith Wall
>             Fix For: 0.31
>
>
> The contents of the java keystore are private by its nature, whilst it is protected by
password, we shouldn't return the contents over REST, as this would pose a security concern.
> Refactor the FileKeystoreImpl/UI so that the contents of the keystore can be marked as
private.
>     New attribute (marked as secure) that accepts both a path or dataurl.
>     Path attribute to become derived, It will populated only if it contains a file path
(if the object is being populated from a dataurl it will be null)
>     Upgrader to take care of upgrading old stores with the path attribute
>     Changes to the UI. UI to continue to allow an existing path to be modified.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message