chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Schmidt <>
Subject Re: kCMISSessionAllowUntrustedSSLCertificate
Date Fri, 17 May 2013 13:42:55 GMT
Hi Peter
many thanks for your comments. As I am about to leave Alfresco in less than
a week I would like to pass this question on to Mike Hatfield (cc'd)

Kind regards

On 17 May 2013 13:54, Eberlein, Peter <> wrote:

>  Hi Peter,
>  I noticed the new session parameter,
> kCMISSessionAllowUntrustedSSLCertificate, that you introduced. If set,
> server certificate validation is skipped so SSL connections to untrusted
> servers can be established.
>  I don't think that we should have such a parameter. The world is already
> insecure enough without encouraging people to deactivate essential security
> settings. If there is a need to accept untrusted server certificates *
> temporarily*, like during development, than this can easily be done by
> providing a custom authentication provider. This was already possible
> before this change, without extending the standard implementation with
> insecure code. Or did I miss something? I would feel a lot better if this
> whole "feature" was removed again and whoever needs to do such messy things
> does them in own code in a custom authentication provider.
>  Or is it just me who is overly sensitive here? What does everyone else
> think?
>  Peter

Kind regards

*Peter Schmidt*
*Alfresco Software Ltd.*
*UK: 07748 185496*
*Int.: +44 7748 185496*
*Skype: pweschmidt*

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message