chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Schmidt <peter.schm...@alfresco.com>
Subject Re: kCMISSessionAllowUntrustedSSLCertificate
Date Fri, 17 May 2013 13:42:55 GMT
Hi Peter
many thanks for your comments. As I am about to leave Alfresco in less than
a week I would like to pass this question on to Mike Hatfield (cc'd)

Kind regards
Peter


On 17 May 2013 13:54, Eberlein, Peter <peter.eberlein@sap.com> wrote:

>  Hi Peter,
>
>  I noticed the new session parameter,
> kCMISSessionAllowUntrustedSSLCertificate, that you introduced. If set,
> server certificate validation is skipped so SSL connections to untrusted
> servers can be established.
>
>  I don't think that we should have such a parameter. The world is already
> insecure enough without encouraging people to deactivate essential security
> settings. If there is a need to accept untrusted server certificates *
> temporarily*, like during development, than this can easily be done by
> providing a custom authentication provider. This was already possible
> before this change, without extending the standard implementation with
> insecure code. Or did I miss something? I would feel a lot better if this
> whole "feature" was removed again and whoever needs to do such messy things
> does them in own code in a custom authentication provider.
>
>  Or is it just me who is overly sensitive here? What does everyone else
> think?
>
>  Peter
>
>
>


-- 
Kind regards
Peter

-----------
*Peter Schmidt*
*Alfresco Software Ltd.*
*UK: 07748 185496*
*Int.: +44 7748 185496*
*Skype: pweschmidt*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message