[infinispan-dev] Hot Rod secured by default
Tristan Tarrant
ttarrant at redhat.com
Thu Mar 30 12:00:32 EDT 2017
On 30/03/2017 17:31, Dennis Reed wrote:
> +1 to authentication and encryption by default.
> This is 2017, that's how *everything* should be configured.
>
> -1 to making it easy to trust all certs. That negates the point of
> using encryption in the first place and should really never be done.
>
> If it's too hard to configure the correct way that we think it would
> turn users away, that's a usability problem that needs to be fixed.
Well, none of the databases I know of require you to set up client side
truststores, so that is already a usability hurdle.
Tristan
--
Tristan Tarrant
Infinispan Lead
JBoss, a division of Red Hat
More information about the infinispan-dev
mailing list