[jira] [Commented] (QPID-7380) [Java Broker] Managed Operations returning potentially confidential information should not be permitted by default on insecure connections

Wed, 07 Sep 2016 10:22:36 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-7380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15471220#comment-15471220
 ] 

Keith Wall commented on QPID-7380:
----------------------------------

As discussed, with your change if the call to getMessageInforById when 
includeHeaders is false ever returns a 403 an infinite loop will occur.  The 
error handler should guard this case and let the user see the 403.

It is true dumpHeap (and logs depending on logging level may include 
confidential information), but I think any further change should be pushed to 
6.2.

I don't think the UI should include 
allowConfidentialOperationsOnInsecureChannels.  I think in general we would 
want the users configure HTTPs, so this option should seldom by used.




> [Java Broker] Managed Operations returning potentially confidential 
> information should not be permitted by default on insecure connections
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7380
>                 URL: https://issues.apache.org/jira/browse/QPID-7380
>             Project: Qpid
>          Issue Type: Improvement
>            Reporter: Rob Godfrey
>            Assignee: Keith Wall
>             Fix For: qpid-java-6.1
>
>
> Operations such as getting message content or extracting config or message 
> data may contain confidential information.  As such one would not normally 
> wish these operations to be permitted on insecure (non-TLS) connections.  We 
> should enhance the meta data for managed operations to allow for declaring 
> them "secure", we should then change the REST servlet to prevent the 
> operation of "secure" operations on insecure connections.  To allow those who 
> are aware of the risks, but accept them, we should add an attribute to the 
> (Http)Port to allow secure operations to be performed on that port even where 
> the connection is insecure.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to