Uploaded image for project: 'HPCC'
  1. HPCC
  2. HPCC-10024

Implement secure connection between clients and Dali.

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Scheduled
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 8.0.0
    • Component/s: Dali
    • Labels:

      Description

      Currently, Dali clients that access ~foreign:: files in other environments, do so by effectively redirecting the username and password credentials over an insecure socket to the remote Dali.
      The credentials are encrypted, but it's security by obscurity and can be thwarted by knowing the code that encrypts.

      Client (including the local Dali) should be able to make a secure connection to the remote Dali using SSH.

      This will ensure the credentials as well as all meta info are encrypted between the two environments.

      Richard ChapmanRuss WhiteheadAnthony FishbeckGavin HallidayStuart Ort

      There should be a Dali configuration option to only accept secure connections.

      Ideally the SSL connectivity would be implemented such that components could switch to using it relatively seamlessly, e.g. a implementation of ISocket.
      In fact we already have ISecureSocket which is a derivative, however it is only partially implemented.
      For Dali connectivity, MP would need to support SSL also.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mckellyln Mark Kelly
              Reporter:
              jakesmith Jake Smith
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated: