From: Aled Sage
Subject: [PROPOSAL] Remove unauthenticated localhost login
To: dev@brooklyn.apache.org
Date: Thu, 8 Sep 2016 15:12:23 +0100

Hi all,

I'd like to remove from Brooklyn the feature where you can login unauthenticated from localhost.

_*Current Situation*_

When you first start Brooklyn on a new machine (so no brooklyn.properties etc), it will auto-generate an initial username + password and log that. For example:

2016-09-08 15:03:48,631 INFO No security provider options specified. Define a security provider or users to prevent a random password being created and logged.
2016-09-08 15:03:48,632 INFO Starting Brooklyn web-console with passwordless access on localhost and protected access from any other interfaces (no bind address specified)
2016-09-08 15:03:48,633 INFO Allowing access to web console from localhost or with brooklyn:sgZZL9qqBd
2016-09-08 15:03:50,572 INFO Started Brooklyn console at http://127.0.0.1:8083/, running classpath://brooklyn.war@

If you connect from localhost, you can login without any credentials. If you connect from an external IP, you will need to use those credentials.

_*Pros and Cons*_

This is convenient for first-time users (they don't need to worry about setting up a username/password if running Brooklyn on their local machine). We have to explain a little less before they can try out AMP.

But it will also feel like a security hole.
It will make the experience of installing Brooklyn on a server very different from the localhost experience. This is particularly true as we encourage the use of RPM/DEB for installing Brooklyn.

_*Proposal*_

I propose removing this, so localhost logins also require credentials.

We'd also ensure the docs point at the username:password for accessing the web-console. It is a problem that we don't already call this out (e.g. at http://brooklyn.apache.org/v/latest/start/running.html#control-apache-brooklyn and http://brooklyn.apache.org/v/latest/ops/gui/running.html) because users installing on a server will not know what to do.

Aled
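The startup messages quoted in the proposal are the only signal an operator gets that the instance came up with the generated-credentials default. The following is an added example, not Brooklyn project code, of a small log audit that flags that mode from those messages and redacts the logged password before the log is shared; the sample log is constructed from the lines quoted above, and the function and result-key names are this example's own.

```python
import re
from typing import Dict, List

# Sample startup output, constructed here from the log lines quoted in the proposal.
SAMPLE_LOG = """\
2016-09-08 15:03:48,631 INFO No security provider options specified. Define a security provider or users to prevent a random password being created and logged.
2016-09-08 15:03:48,632 INFO Starting Brooklyn web-console with passwordless access on localhost and protected access from any other interfaces (no bind address specified)
2016-09-08 15:03:48,633 INFO Allowing access to web console from localhost or with brooklyn:sgZZL9qqBd
2016-09-08 15:03:50,572 INFO Started Brooklyn console at http://127.0.0.1:8083/, running classpath://brooklyn.war@
"""

# Fragments of the messages Brooklyn prints when it falls back to generated credentials.
CRED_RE = re.compile(r"from localhost or with ([^\s:]+):(\S+)")
URL_RE = re.compile(r"Started Brooklyn console at (https?://[^\s,]+)")


def audit_startup_log(log: str) -> Dict[str, object]:
    """Return the insecure-default indicators found in Brooklyn startup output."""
    result: Dict[str, object] = {"passwordless_localhost": False,
                                 "generated_user": None, "console_url": None}
    issues: List[str] = []
    for line in log.splitlines():
        if "No security provider options specified" in line:
            issues.append("no security provider or users configured in brooklyn.properties")
        if "passwordless access on localhost" in line:
            result["passwordless_localhost"] = True
            issues.append("any process on this host can use the web console without credentials")
        m = CRED_RE.search(line)
        if m:
            result["generated_user"] = m.group(1)
            issues.append("a random password was generated and written to the log in clear text")
        m = URL_RE.search(line)
        if m:
            result["console_url"] = m.group(1)
    result["issues"] = issues
    return result


def redact_generated_password(log: str) -> str:
    """Mask the generated password so the log can be shared or archived safely."""
    return CRED_RE.sub(lambda m: f"from localhost or with {m.group(1)}:<redacted>", log)


if __name__ == "__main__":
    for issue in audit_startup_log(SAMPLE_LOG)["issues"]:
        print("FINDING:", issue)
    print(redact_generated_password(SAMPLE_LOG))
```

Running the audit over a server's startup log as part of install verification catches the case the proposal describes, where a package-installed Brooklyn is left on the generated-credentials default without anyone noticing.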