Hiram Chirino writes: > Now if you access: > /broker/config > That gives you the raw configuration file as it exists on disk without > any variable substitution performed. > > So if you store passwords in the file, then they will get > transmitted.
Hiram, I have the feeling that other parts of the configuration file can also be sensitive. The <acl> elements for instance can tell you who can do what on the broker. IMHO, the access to the broker configuration as a whole is sentive enough to deserve a dedicated element controlling its authorization. Cheers, Lionel
