geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Stolz <mst...@pivotal.io>
Subject Re: [GitHub] geode issue #719: GEODE-3447 Implement client authorization for the new prot...
Date Mon, 28 Aug 2017 16:31:18 GMT
A hash is not guaranteed unique so is not suitable as a security token.

--
Mike Stolz
Principal Engineer, GemFire Product Manager
Mobile: +1-631-835-4771

On Fri, Aug 25, 2017 at 4:49 PM, galen-pivotal <git@git.apache.org> wrote:

> Github user galen-pivotal commented on the issue:
>
>     https://github.com/apache/geode/pull/719
>
>     @metatype We need the `StreamAuthenticator` to receive and send
> (Protobuf-encoded) messages containing the credentials that get passed to
> the `SecurityManager`. I would think that ideally it's nothing more than
> this.
>
>     I wonder if it would be better to send a hash that gets put into the
> Properties that SecurityManager uses, rather than having a message that
> explicitly contains username and password.
>
>
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastructure@apache.org or file a JIRA ticket
> with INFRA.
> ---
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message