[sr-dev] DMQ security
Alex Hermann
alex at speakup.nl
Thu Oct 31 09:53:32 CET 2013
On Tuesday 29 October 2013 11:17:55 Charles Chance wrote:
> Or should I look to implement some kind of
> authentication mechanism as well? Perhaps something as simple as a
> pre-shared key would suffice, assuming the messages are encrypted of
> course. Full digest authentication is way too heavy in my opinion.
>
> Any ideas? Or just leave it up to the user to secure it in network layer?
Are dmq messaged handled automatically, even when dmq_handle_message() is not
used?
If not, then, imho, the admin already has plenty of possibilities (IP-based,
digest, TLS cert) to do authentication before calling that function.
Why force one method if we can just leave it up to the admin to choose
whatever fits best in his situation.
--
Alex Hermann
More information about the sr-dev
mailing list