Chuck Rolke created DISPATCH-474:
------------------------------------
Summary: Default value of enableVhostPolicy parameter in policy
configuration
Key: DISPATCH-474
URL: https://issues.apache.org/jira/browse/DISPATCH-474
Project: Qpid Dispatch
Issue Type: Bug
Components: Policy Engine
Affects Versions: 0.7.0
Reporter: Chuck Rolke
This issue is similar to DISPATCH-472 where a default value is 'insecure' and
must be changed in order for security to become enabled.
* If the the default enable value is changed to 'true' then out-of-the box the
router will reject all connections. No clients can connect because no rules are
in effect to allow connections. The administrator has to hunt down what's wrong
and then either define rules or set the enable to 'false'. Management tools can
not connect to change the setting.
* If the default enable value is changed to 'true' AND a permissive rule set is
installed by default then the router is still insecure.
* If the default enable value is left as 'false' and a user defines some rules
then none of the rules has any effect.
As part of DISPATCH-311 the documentation momentarily described policy
enforcement enable as 'true'. Just setting the enable value to 'true' fails
every self test that tries to make a connection. A 'true' default would require
a lot of test and example code mods.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
