qpid-dev mailing list archives

From Andrew Stitcher <astitc...@redhat.com>
Subject Re: Configuration for security.
Date Wed, 06 May 2015 15:09:01 GMT
On Wed, 2015-05-06 at 10:28 -0400, Alan Conway wrote:
> ...
> > However, if you want to add more detailed settings not covered by them
> > that's ok too.

I should have been clearer here - At the top level (mostly in
pn_transport) I think that these two settings are sufficient for
everything I can think of. But if we need finer grain control then we
can add extra settings to the detailed objects pn_sasl/pn_sasl. There
are already detailed settings - mostly in pn_ssl to set the certificates
and verification policy. However for very many uses this should not be
necessary.

> 
> OK, let me back up and regroup:
> 
> I'm happy with 2 settings auth_required, encryption_required. If we can
> satisfy all users with just those two I will be very happy.
> 
> I am not *proposing* additional settings, but I had the impression we
> were on the verge of adding one allow_plain_with_no_ssl or somesuch. If
> we can avoid that then so much the better. 
> 
> IF we do (now or later) need to start adding detailed settings, then
> they should have a sensible default *based on the values of
> auth_required and encryption_required*, not just a static default.
> 
> Most users should ONLY have to set auth_required and encryption_required
> and be confident that things will usually Just Work. In particular if
> both are false, then all detailed settings should have permissive
> defaults. If both are true then all detailed settings should have strict
> defaults. So a secure user can assume the standard "denied if not
> explicitly permitted" for the additional settings, and an insecure user
> can assume "anything goes" without having to set a bunch of individual
> settings.
> 
> But again, if we can satisfy all with just the 2 settings that is ideal
> and we should strive to minimize additional settings.
> 
> 

I agree with this restatement of your position 100% - user configurable
settings are evil.

Andrew
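
The defaulting rule discussed in this thread, sketched as an added example that is not part of the original message and is not Proton code: a detailed setting left unset takes its default from `auth_required` and `encryption_required`. All type and function names are hypothetical, `allow_plain_with_no_ssl` is the setting floated in the quoted text, and treating the mixed cases (only one top-level setting true) as strict is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* All names are hypothetical; this is not the Proton API. */
typedef enum { OPT_UNSET, OPT_DENY, OPT_ALLOW } opt_t;

typedef struct {
    bool auth_required;            /* top-level setting */
    bool encryption_required;      /* top-level setting */
    opt_t allow_plain_with_no_ssl; /* detailed setting, normally left unset */
} sec_config_t;

typedef struct {
    bool encrypted;          /* SSL/TLS layer is active */
    bool authenticated;      /* peer completed authentication */
    bool cleartext_password; /* mechanism sends the password itself */
} conn_state_t;

/* An explicit value wins; otherwise the default follows the two top-level
 * settings. Both false gives the permissive default. Treating the mixed
 * cases as strict is an assumption made for this example. */
static bool plain_without_ssl_allowed(const sec_config_t *c) {
    if (c->allow_plain_with_no_ssl != OPT_UNSET)
        return c->allow_plain_with_no_ssl == OPT_ALLOW;
    return !c->auth_required && !c->encryption_required;
}

/* The top-level requirements are checked first, so a detailed setting can
 * relax a derived default but never override a requirement. */
static bool connection_permitted(const sec_config_t *c, const conn_state_t *s) {
    if (c->encryption_required && !s->encrypted) return false;
    if (c->auth_required && !s->authenticated) return false;
    if (s->cleartext_password && !s->encrypted && !plain_without_ssl_allowed(c))
        return false;
    return true;
}

int main(void) {
    /* Constructed sample: password sent over an unencrypted connection. */
    conn_state_t s = { false, true, true };
    for (int auth = 0; auth <= 1; auth++)
        for (int enc = 0; enc <= 1; enc++) {
            sec_config_t c = { auth != 0, enc != 0, OPT_UNSET };
            printf("auth_required=%d encryption_required=%d -> %s\n", auth, enc,
                   connection_permitted(&c, &s) ? "permitted" : "refused");
        }
    return 0;
}
```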

