[QPID-4013] Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 0.14, 0.16, 0.17
Fix Version/s: 0.17
Component/s: C++ Broker
Labels:
None
Environment:

Windows

Description

The current Windows Broker SSL code always uses the LocalMachine certificate store opened read/write. This has a number of drawbacks:

Opening read/write means that the broker has to run as administrator to use the certificates in the store. The broker only reads from the store so this is actually unnecessary.

Forcing use of LocalMachine for the certificates means that they are readable by every user on the machine which might be a security issue. As it would allow any process on the machine to impersonate the qpid broker.

Attachments

Activity

People

Assignee:: Andrew Stitcher

Reporter:: Andrew Stitcher

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/May/12 22:03

Updated:: 29/Jul/13 19:05

Resolved:: 21/May/12 22:23