[infinispan-dev] Hot Rod secured by default
gustavo at infinispan.org
Thu Mar 30 08:48:20 EDT 2017
On Thu, Mar 30, 2017 at 1:25 PM, Tristan Tarrant <ttarrant at redhat.com> wrote:
> Dear all,
> after a mini chat on IRC, I wanted to bring this to everybody's attention.
> We should make the Hot Rod endpoint require authentication in the
> out-of-the-box configuration.
> The proposal is to enable the PLAIN (or, preferably, DIGEST) SASL
> mechanism against the ApplicationRealm and require users to run the
> add-user script.
> This would achieve two goals:
> - secure out-of-the-box configuration, which is always a good idea
> - access to the "protected" schema and script caches which is prevented
> when not on loopback on non-authenticated endpoints.
> Tristan Tarrant
> Infinispan Lead
> JBoss, a division of Red Hat
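The difference between the two mechanisms named in the proposal, as an added example that is not part of the original thread or of Infinispan's code: it builds the SASL PLAIN message (RFC 4616) and the DIGEST-MD5 response value (RFC 2831, qop=auth) for the same credentials. The user name, password, nonces and the `hotrod/node1` digest-uri are constructed sample values and assumptions.

```python
import hashlib


def sasl_plain(authcid: str, password: str, authzid: str = "") -> bytes:
    """RFC 4616 message: authzid NUL authcid NUL password, sent as-is."""
    return b"\0".join(s.encode("utf-8") for s in (authzid, authcid, password))


def digest_md5_response(user, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth") -> str:
    """RFC 2831 section 2.1.2.1 response value (no authzid, qop=auth)."""
    # A1 mixes the secret with the server nonce and the client nonce,
    # so the value is only valid for this one exchange.
    secret = hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode("utf-8")).hexdigest()


def demo():
    """What crosses the wire for one user under each mechanism."""
    # Constructed sample credentials; the digest-uri value is an assumption.
    user, realm, pw = "appuser", "ApplicationRealm", "s3cr3t-constructed"
    plain = sasl_plain(user, pw)
    first = digest_md5_response(user, realm, pw, "nonceA", "cnonce1", "hotrod/node1")
    second = digest_md5_response(user, realm, pw, "nonceB", "cnonce1", "hotrod/node1")
    return plain, first, second


if __name__ == "__main__":
    plain, first, second = demo()
    print("PLAIN message      :", plain)    # password readable in the bytes
    print("DIGEST, nonce A    :", first)    # hash only, no password
    print("DIGEST, nonce B    :", second)   # changes with the server nonce
```

RFC 6331 later moved DIGEST-MD5 to Historic status; the property shown here, that the password itself never crosses the wire, is what to look for in whichever challenge-response mechanism replaces it.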