Re: [infinispan-dev] Hot Rod secured by default
On 30/03/2017 17:31, Dennis Reed wrote:
+1 to authentication and encryption by default.
This is 2017, that's how *everything* should be configured.
-1 to making it easy to trust all certs. That negates the point of
using encryption in the first place and should really never be done.
If it's too hard to configure the correct way that we think it would
turn users away, that's a usability problem that needs to be fixed.
Well, none
of the databases I know of require you to set up client side
truststores, so that is already a usability hurdle.
Tristan
--
Tristan Tarrant
Infinispan Lead
JBoss, a division of Red Hat