You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The ApplicationsAuthManager works as expected but the current implementation allows to forward messages everywhere using any credentials defined in the YAML authorization file.
For example its currently possible to forward messages to clients connected with the credentials of application1 with the credentials of application2.
To prevent credentials of application2 to allows message sendings to clients connected with the credentials of application1 we propose a new mandatoryTags property.
This will force clients using the first credentials to specify an applicationName tag with the application1 value, otherwise connection and message sending will fail.
Also the consequence will be that all the clients will be forced to use the same applicationName tag value and we can be sure the messages will always be forwarded only to the application1 clients.
The text was updated successfully, but these errors were encountered:
The
ApplicationsAuthManager
works as expected but the current implementation allows to forward messages everywhere using any credentials defined in the YAML authorization file.For example its currently possible to forward messages to clients connected with the credentials of
application1
with the credentials ofapplication2
.To prevent credentials of
application2
to allows message sendings to clients connected with the credentials ofapplication1
we propose a newmandatoryTags
property.Here is an example.
This will force clients using the first credentials to specify an
applicationName
tag with theapplication1
value, otherwise connection and message sending will fail.Also the consequence will be that all the clients will be forced to use the same
applicationName
tag value and we can be sure the messages will always be forwarded only to theapplication1
clients.The text was updated successfully, but these errors were encountered: