Qpid / QPID-4013

Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 0.14, 0.16, 0.17
    • Fix Version/s: 0.17
    • Component/s: C++ Broker
    • Labels:
      None
    • Environment:

      Windows

      Description

      The current Windows Broker SSL code always uses the LocalMachine certificate store opened read/write. This has a number of drawbacks:

      • Opening read/write means that the broker has to run as administrator to use the certificates in the store. The broker only reads from the store so this is actually unnecessary.
      • Forcing use of LocalMachine for the certificates means that they are readable by every user on the machine, which might be a security issue, as it would allow any process on the machine to impersonate the qpid broker.
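
An added illustration of the two points above (not code from the Qpid broker or from this issue), using the .NET X509Store API from PowerShell: the store is opened read-only, and the caller chooses the store location instead of being tied to LocalMachine. The function name, the default store name and the sample subject name are assumptions made for the example.

```powershell
# Added example: locate a server certificate without write access to the store.
# Get-BrokerCertificate is a hypothetical helper, not part of Qpid.
function Get-BrokerCertificate {
    param(
        [Parameter(Mandatory)][string]$SubjectName,
        # CurrentUser keeps the certificate in the profile of the account that
        # runs the service; LocalMachine remains selectable for shared setups.
        [System.Security.Cryptography.X509Certificates.StoreLocation]$StoreLocation = 'CurrentUser',
        [string]$StoreName = 'My'
    )

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $StoreLocation)

    # ReadOnly: the caller only reads certificates, so no write access is requested.
    # OpenExistingOnly: fail instead of silently creating a missing store.
    $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly -bor
             [System.Security.Cryptography.X509Certificates.OpenFlags]::OpenExistingOnly

    try {
        $store.Open($flags)

        # validOnly = $false so that self-signed test certificates are also returned.
        $found = $store.Certificates.Find(
            [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectName,
            $SubjectName,
            $false)

        # A server certificate is only usable if its private key is present
        # and the current time is inside its validity window.
        $now = Get-Date
        $found | Where-Object {
            $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -ge $now
        }
    }
    finally {
        $store.Close()
    }
}

# Constructed sample call; 'broker.example.test' is a placeholder subject name.
Get-BrokerCertificate -SubjectName 'broker.example.test' |
    Select-Object Subject, Thumbprint, NotAfter
```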

            People

            • Assignee:
              astitcher Andrew Stitcher
              Reporter:
              astitcher Andrew Stitcher