[infinispan-dev] Hot Rod secured by default
Gustavo Fernandes
gustavo at infinispan.org
Thu Mar 30 08:48:20 EDT 2017
+1
On Thu, Mar 30, 2017 at 1:25 PM, Tristan Tarrant <ttarrant at redhat.com>
wrote:
> Dear all,
>
> after a mini chat on IRC, I wanted to bring this to everybody's attention.
>
> We should make the Hot Rod endpoint require authentication in the
> out-of-the-box configuration.
> The proposal is to enable the PLAIN (or, preferably, DIGEST) SASL
> mechanism against the ApplicationRealm and require users to run the
> add-user script.
> This would achieve two goals:
> - secure out-of-the-box configuration, which is always a good idea
> - access to the "protected" schema and script caches which is prevented
> when not on loopback on non-authenticated endpoints.
>
> Tristan
> --
> Tristan Tarrant
> Infinispan Lead
> JBoss, a division of Red Hat
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/infinispan-dev/attachments/20170330/f34ced1a/attachment.html
More information about the infinispan-dev
mailing list