[jira] [Commented] (QPID-7380) [Java Broker] Managed Operations returning potentially confidential information should not be permitted by default on insecure connections

Tue, 06 Sep 2016 06:18:31 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-7380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15467399#comment-15467399
 ] 

Alex Rudyy commented on QPID-7380:
----------------------------------

The changes committed under revision [r1759209|https://svn.apache.org/r1759209] 
look reasonable to me. Although, I agree that caching of headers inclusion flag 
would be beneficial. Thus, I made the change under revision 
[r1759431|https://svn.apache.org/r1759431].
Keith, could you review that?

As a side from changes in  [r1759209|https://svn.apache.org/r1759209] I am 
wondering whether we can also change the following:
# dumpHeap operation is not marked as secure. It seems that dumped heap might 
contains sensitive data (for example, message headers). I think that dumpHeap 
should be annotated as secure operation.
# I am wondering whether port UI should be changed to allow changing 
allowConfidentialOperationsOnInsecureChannels? That could be useful for users 
already have some tooling around operations marked as being secure in 6.1 but 
might not be able to change their tooling on upgrade.


> [Java Broker] Managed Operations returning potentially confidential 
> information should not be permitted by default on insecure connections
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7380
>                 URL: https://issues.apache.org/jira/browse/QPID-7380
>             Project: Qpid
>          Issue Type: Improvement
>            Reporter: Rob Godfrey
>            Assignee: Keith Wall
>             Fix For: qpid-java-6.1
>
>
> Operations such as getting message content or extracting config or message 
> data may contain confidential information.  As such one would not normally 
> wish these operations to be permitted on insecure (non-TLS) connections.  We 
> should enhance the meta data for managed operations to allow for declaring 
> them "secure", we should then change the REST servlet to prevent the 
> operation of "secure" operations on insecure connections.  To allow those who 
> are aware of the risks, but accept them, we should add an attribute to the 
> (Http)Port to allow secure operations to be performed on that port even where 
> the connection is insecure.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to