[infinispan-dev] Hot Rod secured by default

Tristan Tarrant ttarrant at redhat.com
Thu Mar 30 08:25:53 EDT 2017


Dear all,

after a mini chat on IRC, I wanted to bring this to everybody's attention.

We should make the Hot Rod endpoint require authentication in the 
out-of-the-box configuration.
The proposal is to enable the PLAIN (or, preferably, DIGEST) SASL 
mechanism against the ApplicationRealm and require users to run the 
add-user script.
This would achieve two goals:
- secure out-of-the-box configuration, which is always a good idea
- access to the "protected" schema and script caches which is prevented 
when not on loopback on non-authenticated endpoints.

Tristan
-- 
Tristan Tarrant
Infinispan Lead
JBoss, a division of Red Hat
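
What the two mechanisms named in the message put on the wire, as an added example that is not part of the original post or of Infinispan's code. It assumes "DIGEST" means the DIGEST-MD5 mechanism of RFC 2831 (qop=auth, no authzid); the user name, password and digest-uri are constructed sample values.

```python
import hashlib
import hmac
import secrets


def plain_message(user: str, password: str, authzid: str = "") -> bytes:
    """RFC 4616 PLAIN: authzid NUL authcid NUL passwd, sent unmodified."""
    return b"\0".join(s.encode("utf-8") for s in (authzid, user, password))


def digest_md5_response(user, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth") -> str:
    """RFC 2831 'response' value for qop=auth without an authzid."""
    # A1 starts with the raw 16-byte MD5 of user:realm:password, not its hex form.
    secret = hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).digest()
    ha1 = hashlib.md5(secret + f":{nonce}:{cnonce}".encode("utf-8")).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode("utf-8")).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode("utf-8")).hexdigest()


def server_accepts(response, user, realm, password, nonce, cnonce, digest_uri) -> bool:
    """Server side: recompute from the nonce it issued, compare in constant time."""
    expected = digest_md5_response(user, realm, password, nonce, cnonce, digest_uri)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Constructed sample credentials and service name, not real Infinispan values.
    user, realm, password = "appuser", "ApplicationRealm", "Constructed-pw-1"
    uri = "hotrod/node1"
    first_nonce, second_nonce = secrets.token_hex(16), secrets.token_hex(16)
    cnonce = secrets.token_hex(16)
    wire_plain = plain_message(user, password)
    wire_digest = digest_md5_response(user, realm, password, first_nonce, cnonce, uri)
    return {
        "plain_leaks_password": password.encode("utf-8") in wire_plain,
        "digest_leaks_password": password in wire_digest,
        "accepted_on_issued_nonce": server_accepts(
            wire_digest, user, realm, password, first_nonce, cnonce, uri),
        "replay_on_new_nonce": server_accepts(
            wire_digest, user, realm, password, second_nonce, cnonce, uri),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

PLAIN exposes the password to anyone who can read the connection, so it depends on an encrypted transport; the DIGEST-MD5 response is bound to the server's nonce and is rejected when replayed against a fresh challenge.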

