qpid-dev mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7380) [Java Broker] Managed Operations returning potentially confidential information should not be permitted by default on insecure connections
Date Mon, 05 Sep 2016 08:43:21 GMT

    [ https://issues.apache.org/jira/browse/QPID-7380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15464468#comment-15464468 ]

ASF subversion and git services commented on QPID-7380:
-------------------------------------------------------

Commit 1759209 from [~k-wall] in branch 'java/trunk'
[ https://svn.apache.org/r1759209 ]

QPID-7380: [Java Broker] Allow non-confidential message info to be viewed from management.

> [Java Broker] Managed Operations returning potentially confidential information should not be permitted by default on insecure connections
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7380
>                 URL: https://issues.apache.org/jira/browse/QPID-7380
>             Project: Qpid
>          Issue Type: Improvement
>            Reporter: Rob Godfrey
>             Fix For: qpid-java-6.1
>
>
> Operations such as getting message content or extracting config or message data may contain
> confidential information. As such one would not normally wish these operations to be permitted
> on insecure (non-TLS) connections. We should enhance the meta data for managed operations
> to allow for declaring them "secure", we should then change the REST servlet to prevent the
> operation of "secure" operations on insecure connections. To allow those who are aware of
> the risks, but accept them, we should add an attribute to the (Http)Port to allow secure operations
> to be performed on that port even where the connection is insecure.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
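
The gating described in the issue, sketched as an added example (not Qpid's code and not part of the original message): operation metadata carries a "secure" flag, and a single dispatcher check refuses flagged operations on non-TLS connections unless the port opts in. The names `ManagedOp`, `Port`, `allowSecureOpsOnInsecureTransport` and the `Queue` operations are hypothetical; Java 16+ is assumed for `record`.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;

public class SecureOperationGate {
    // Hypothetical metadata flag; the broker's real annotation and attribute names may differ.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface ManagedOp { boolean secure() default false; }

    // Hypothetical managed object with one confidential and one non-confidential operation.
    static class Queue {
        @ManagedOp(secure = true)
        public String getMessageContent(long id) { return "payload-" + id; }

        @ManagedOp
        public int getQueueDepth() { return 3; }
    }

    // Hypothetical stand-in for the HTTP port's opt-in attribute (off by default).
    record Port(boolean allowSecureOpsOnInsecureTransport) {}

    /** Central check made by the dispatcher before any operation is invoked. */
    static boolean permitted(Method op, boolean tlsConnection, Port port) {
        ManagedOp meta = op.getAnnotation(ManagedOp.class);
        if (meta == null) return false;   // not declared as a managed operation: refuse
        if (!meta.secure()) return true;  // non-confidential: allowed on any transport
        return tlsConnection || port.allowSecureOpsOnInsecureTransport();
    }

    static Object invoke(Object target, String name, boolean tls, Port port, Object... args)
            throws Exception {
        for (Method m : target.getClass().getMethods()) {
            if (m.getName().equals(name)) {
                if (!permitted(m, tls, port))
                    throw new SecurityException(name + " requires a secure connection");
                return m.invoke(target, args);
            }
        }
        throw new NoSuchMethodException(name);
    }

    public static void main(String[] a) throws Exception {
        Queue q = new Queue();
        Port strict = new Port(false), relaxed = new Port(true);
        System.out.println(invoke(q, "getQueueDepth", false, strict));           // plain HTTP, non-secure op
        System.out.println(invoke(q, "getMessageContent", true, strict, 7L));    // TLS
        System.out.println(invoke(q, "getMessageContent", false, relaxed, 7L));  // port opted in
        try { invoke(q, "getMessageContent", false, strict, 7L); }               // plain HTTP, secure op
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```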
