[infinispan-issues] [JBoss JIRA] (ISPN-6457) Servers should disallow access to internal user caches over the wire when authorization is disabled
Tristan Tarrant (JIRA)
issues at jboss.org
Fri Apr 8 10:42:00 EDT 2016
[ https://issues.jboss.org/browse/ISPN-6457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189160#comment-13189160 ]
Tristan Tarrant commented on ISPN-6457:
---------------------------------------
Secure by default is quite important. Apparently it's ok if we allow access over loopback.
> Servers should disallow access to internal user caches over the wire when authorization is disabled
> ---------------------------------------------------------------------------------------------------
>
> Key: ISPN-6457
> URL: https://issues.jboss.org/browse/ISPN-6457
> Project: Infinispan
> Issue Type: Task
> Components: Remote Protocols, Server
> Reporter: Tristan Tarrant
> Assignee: Tristan Tarrant
> Fix For: 9.0.0.Final
>
>
> The server protocols currently allow access to internal user caches (such as the script and schema caches) if authorization is disabled. We should instead not allow access.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the infinispan-issues
mailing list