[jira] [Created] (DISPATCH-303) Block all remote access to the "console" entity

Ted Ross (JIRA) Mon, 02 May 2016 12:19:37 -0700

Ted Ross created DISPATCH-303:
---------------------------------

             Summary: Block all remote access to the "console" entity
                 Key: DISPATCH-303
                 URL: https://issues.apache.org/jira/browse/DISPATCH-303
             Project: Qpid Dispatch
          Issue Type: Improvement
          Components: Container
            Reporter: Ted Ross
             Fix For: 0.6



The "console" entity allows Dispatch to launch a helper application to proxy 
websockets for management.  This should be a configuration-only entity.  
Providing any kind of remote access (read or write) constitutes a security 
vulnerability.
Access to this entity from the management protocol should be blocked.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

[jira] [Created] (DISPATCH-303) Block all remote access to the "console" entity

Reply via email to