Alan Conway created QPID-4122:
---------------------------------

             Summary: Remove ANONYMOUS from mechanisms allowed in ACL tests
                 Key: QPID-4122
                 URL: https://issues.apache.org/jira/browse/QPID-4122
             Project: Qpid
          Issue Type: Test
            Reporter: Alan Conway
            Priority: Minor


With the anonymous mechanism allowed, it's easy to get a false positive if you 
accidentally fail to set an authentication mechanism at all in a security test, 
since you can always connect with ANONYMOUS. This is especially the case where 
there are multiple elements that need to be authenticated, for example a test 
harness starting an admin tool which talks to a broker, or brokers talking to 
each other in a cluster. It might be safer to remove ANONYMOUS and ensure that 
every element in a security-related test does authenticate properly. A quick 
check shows that removing ANONYMOUS causes multiple tests to fail. It is 
possible that the tests are OK and those connections don't need authentication, 
but it might be clearer to require authentication from all players in a 
security-related test.
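
The false positive described in this issue, shown as an added example that is not part of the original report and is not Qpid code. It is a toy model of SASL mechanism selection; the link names, the `Link` type, the helper functions and the use of PLAIN as the authenticated mechanism are all assumptions made for illustration.

```python
# Added illustration: a toy model of SASL mechanism selection, not Qpid code.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Link:
    """One connection in a security test (all names here are constructed)."""
    name: str
    mechanism: Optional[str] = None   # None models "forgot to set a mechanism"
    credentials_ok: bool = False      # whether valid credentials were supplied

def negotiate(link: Link, broker_mechs: set) -> Optional[str]:
    """Return the mechanism the link ends up using, or None if it cannot connect."""
    if link.mechanism is None:
        # Unconfigured client: it can only get in without credentials.
        return "ANONYMOUS" if "ANONYMOUS" in broker_mechs else None
    if link.mechanism not in broker_mechs:
        return None
    if link.mechanism == "ANONYMOUS":
        return "ANONYMOUS"
    return link.mechanism if link.credentials_ok else None

def run_test(links, broker_mechs):
    """The test 'passes' when every link connects; also report which links
    got in without authenticating."""
    used = {l.name: negotiate(l, broker_mechs) for l in links}
    passed = all(m is not None for m in used.values())
    unauthenticated = sorted(n for n, m in used.items() if m == "ANONYMOUS")
    return passed, unauthenticated

# Constructed topology matching the cases in the description above.
LINKS = [
    Link("test-client->broker", "PLAIN", credentials_ok=True),
    Link("admin-tool->broker"),                      # mechanism never set
    Link("broker1->broker2", "PLAIN", credentials_ok=True),
]

if __name__ == "__main__":
    # With ANONYMOUS allowed the test passes despite the unconfigured link;
    # without it, the same test fails and exposes the missing configuration.
    for mechs in ({"ANONYMOUS", "PLAIN"}, {"PLAIN"}):
        print(sorted(mechs), run_test(LINKS, mechs))
```
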
