[ https://issues.apache.org/jira/browse/QPID-7380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15449460#comment-15449460 ]
Keith Wall commented on QPID-7380:
----------------------------------

This change has meant that the Queue tab within the WMC (which uses Queue#getMessageInfo) shows a red error message when the web management console is used over an HTTP connection. As the table includes only state, message size and arrival time, there is no need to consider this information confidential. We either need an alternate method that is capable of returning MessageInfos without the message headers (which may be confidential) or we need to enhance the existing API with a flag that returns the secure attributes. The use of the flag would be permitted only when HTTPS transport is used.

> [Java Broker] Managed Operations returning potentially confidential
> information should not be permitted by default on insecure connections
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7380
>                 URL: https://issues.apache.org/jira/browse/QPID-7380
>             Project: Qpid
>          Issue Type: Improvement
>            Reporter: Rob Godfrey
>             Fix For: qpid-java-6.1
>
>
> Operations such as getting message content or extracting config or message
> data may contain confidential information. As such one would not normally
> wish these operations to be permitted on insecure (non-TLS) connections. We
> should enhance the meta data for managed operations to allow for declaring
> them "secure", we should then change the REST servlet to prevent the
> operation of "secure" operations on insecure connections. To allow those who
> are aware of the risks, but accept them, we should add an attribute to the
> (Http)Port to allow secure operations to be performed on that port even where
> the connection is insecure.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
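The policy described in the issue and the comment above, as an added illustration (this is not Qpid broker code, and every class, function and attribute name in it is an assumption): an operation whose metadata marks it "secure" is refused on a non-TLS connection unless the receiving port carries an explicit override, and a message-info listing returns only the non-confidential fields (state, size, arrival time) by default, with the headers available through a flag that is honoured only over TLS. The sample messages are constructed.

```python
"""Illustrative model of the QPID-7380 rule (added example, not project code).

Two checks are shown:
  1. authorize_operation: a managed operation marked secure may run only over
     TLS, or on a port whose (hypothetical) attribute accepts the risk.
  2. get_message_info: returns state/size/arrival time always; message
     headers only when requested AND the transport is TLS. Requesting
     headers over plain HTTP is refused rather than silently served.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ManagedOperation:
    name: str
    secure: bool            # hypothetical metadata flag: may return confidential data


@dataclass(frozen=True)
class Connection:
    transport_secure: bool  # True when the request arrived over TLS


@dataclass(frozen=True)
class HttpPort:
    # hypothetical port attribute: operator accepts the risk of secure
    # operations on plain HTTP for this port only
    allow_secure_operations_on_insecure_connections: bool = False


def authorize_operation(op, conn, port):
    """Return (allowed, reason). Non-secure operations are always allowed;
    secure ones need TLS or the per-port override."""
    if not op.secure:
        return True, "operation is not marked secure"
    if conn.transport_secure:
        return True, "secure operation over TLS"
    if port.allow_secure_operations_on_insecure_connections:
        return True, "port explicitly allows secure operations on insecure connections"
    return False, "operation '%s' is secure and the connection is not TLS" % op.name


def get_message_info(messages, conn, include_headers=False):
    """Summarise messages. The default view carries nothing confidential, so
    it works over HTTP; the include_headers flag is only permitted over TLS."""
    if include_headers and not conn.transport_secure:
        raise PermissionError("message headers may only be returned over a TLS connection")
    result = []
    for m in messages:
        info = {"state": m["state"], "size": m["size"], "arrival_time": m["arrival_time"]}
        if include_headers:
            info["headers"] = dict(m["headers"])
        result.append(info)
    return result


# Constructed sample data (not taken from any real broker)
SAMPLE_MESSAGES = [
    {"state": "AVAILABLE", "size": 128, "arrival_time": 1472400000000,
     "headers": {"customer-id": "C-1001"}},
    {"state": "ACQUIRED", "size": 4096, "arrival_time": 1472400001000,
     "headers": {"customer-id": "C-1002"}},
]

GET_MESSAGE_CONTENT = ManagedOperation("getMessageContent", secure=True)
GET_STATISTICS = ManagedOperation("getStatistics", secure=False)

if __name__ == "__main__":
    plain = Connection(transport_secure=False)
    tls = Connection(transport_secure=True)
    print(authorize_operation(GET_MESSAGE_CONTENT, plain, HttpPort()))
    print(authorize_operation(GET_MESSAGE_CONTENT, plain,
                              HttpPort(allow_secure_operations_on_insecure_connections=True)))
    print(get_message_info(SAMPLE_MESSAGES, plain))
    print(get_message_info(SAMPLE_MESSAGES, tls, include_headers=True))
```

The split between the two functions is the point of the comment: the queue table needs only the non-confidential columns, so the call that feeds it should succeed over HTTP, while the confidential header data stays behind a flag that the servlet refuses on a non-TLS connection.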