jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jukka Zitting (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JCR-351) Default to anonymous access when no Credentials are given
Date Wed, 15 Mar 2006 07:06:44 GMT
     [ http://issues.apache.org/jira/browse/JCR-351?page=all ]

Jukka Zitting updated JCR-351:
------------------------------

        Summary: Default to anonymous access when no Credentials are given  (was: Default
to superuser access when JAAS is not configured)
    Description: 
Even though JCR-348 made easier to start a Jackrabbit repository with default configuration,
the user still needs to take care of the JAAS configuration. It would be more user-friendly
to log a warning and default to superuser access rather than throwing a LoginException when
JAAS has not been configured. This behaviour should be limited to only default credential
logins (Session.login() with null Credentials) and it should be possible to disable it with
a configuration option. We could even have this behaviour disabled by default, but enabled
in the configuration file used with the JCR-348 automatic configuration.

This is a case against the "secure by default" design principle, but I think that in this
case the benefits in easier setup outweight the security drawbacks, especially if coupled
with the above restrictions and a clear documentation note about the insecure default.

[Update: As mentioned by Stefan, this is  not a JAAS configuration issue but a problem in
handling null Credentials. A more proper alternative for superuser access would be to default
to anonymous access when credentials are not given.]

  was:
Even though JCR-348 made easier to start a Jackrabbit repository with default configuration,
the user still needs to take care of the JAAS configuration. It would be more user-friendly
to log a warning and default to superuser access rather than throwing a LoginException when
JAAS has not been configured. This behaviour should be limited to only default credential
logins (Session.login() with null Credentials) and it should be possible to disable it with
a configuration option. We could even have this behaviour disabled by default, but enabled
in the configuration file used with the JCR-348 automatic configuration.

This is a case against the "secure by default" design principle, but I think that in this
case the benefits in easier setup outweight the security drawbacks, especially if coupled
with the above restrictions and a clear documentation note about the insecure default.


      Assign To: Jukka Zitting

> Default to anonymous access when no Credentials are given
> ---------------------------------------------------------
>
>          Key: JCR-351
>          URL: http://issues.apache.org/jira/browse/JCR-351
>      Project: Jackrabbit
>         Type: Improvement
>   Components: security
>     Versions: 0.9
>     Reporter: Jukka Zitting
>     Assignee: Jukka Zitting
>     Priority: Minor

>
> Even though JCR-348 made easier to start a Jackrabbit repository with default configuration,
the user still needs to take care of the JAAS configuration. It would be more user-friendly
to log a warning and default to superuser access rather than throwing a LoginException when
JAAS has not been configured. This behaviour should be limited to only default credential
logins (Session.login() with null Credentials) and it should be possible to disable it with
a configuration option. We could even have this behaviour disabled by default, but enabled
in the configuration file used with the JCR-348 automatic configuration.
> This is a case against the "secure by default" design principle, but I think that in
this case the benefits in easier setup outweight the security drawbacks, especially if coupled
with the above restrictions and a clear documentation note about the insecure default.
> [Update: As mentioned by Stefan, this is  not a JAAS configuration issue but a problem
in handling null Credentials. A more proper alternative for superuser access would be to default
to anonymous access when credentials are not given.]

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message