Qpid Dispatch / DISPATCH-474

Default value of enableVhostPolicy parameter in policy configuration


Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.7.0
    • Backlog
    • Policy Engine
    • None

    Description

      This issue is similar to DISPATCH-472 where a default value is 'insecure' and must be changed in order for security to become enabled.

      • If the default enable value is changed to 'true' then out of the box the router will reject all connections. No clients can connect because no rules are in effect to allow connections. The administrator has to hunt down what's wrong and then either define rules or set the enable to 'false'. Management tools cannot connect to change the setting.
      • If the default enable value is changed to 'true' AND a permissive rule set is installed by default then the router is still insecure.
      • If the default enable value is left as 'false' and a user defines some rules then none of the rules has any effect.

      As part of DISPATCH-311 the documentation momentarily described policy enforcement enable as 'true'. Just setting the enable value to 'true' fails every self test that tries to make a connection. A 'true' default would require a lot of test and example code mods.
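
The three outcomes listed above can be reproduced with a small model. This is an added example, not part of the issue report and not Qpid Dispatch code: `PolicyModel`, the `ANY` wildcard, the rule layout (vhost mapped to a set of allowed users) and the finding names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

ANY = "*"  # wildcard used by this model only (assumption, not Dispatch syntax)


@dataclass
class PolicyModel:
    enable_vhost_policy: bool = False          # models the enableVhostPolicy switch
    rules: dict = field(default_factory=dict)  # hypothetical: vhost -> allowed users

    def allows(self, vhost: str, user: str) -> bool:
        """Would a connection from `user` to `vhost` be admitted?"""
        if not self.enable_vhost_policy:
            return True  # enforcement off: rules are never consulted
        if vhost in self.rules:
            allowed = self.rules[vhost]
        else:
            allowed = self.rules.get(ANY, set())
        return ANY in allowed or user in allowed

    def findings(self) -> list:
        """Name the problem state from the issue, or [] if there is none."""
        if not self.enable_vhost_policy:
            # Third bullet: rules exist but have no effect.
            return ["rules-ignored"] if self.rules else ["enforcement-off"]
        if not self.rules:
            # First bullet: enabled with no rules rejects everyone.
            return ["locked-out"]
        # Second bullet: enabled, but the rule set admits anyone anywhere.
        if ANY in self.rules.get(ANY, set()):
            return ["permissive-ruleset"]
        return []


# Constructed scenarios, one per bullet plus an enforced configuration.
SCENARIOS = {
    "enabled, no rules": PolicyModel(True, {}),
    "enabled, allow-all default": PolicyModel(True, {ANY: {ANY}}),
    "disabled, rules defined": PolicyModel(False, {"prod": {"alice"}}),
    "enabled, scoped rules": PolicyModel(True, {"prod": {"alice"}}),
}

if __name__ == "__main__":
    for name, model in SCENARIOS.items():
        admitted = model.allows("prod", "mallory")
        print(f"{name}: unknown user admitted={admitted}, findings={model.findings()}")
```

Only the last scenario both enforces the rules and rejects the unknown user, which is the state neither default value reaches on its own.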


          People

            Unassigned
            chug Charles E. Rolke
