DB clients should allow only https when Abacus is secured

Open hsiliev opened this issue 8 years ago • 2 comments

Currently bosh couch and mongo DB clients allow http and https and self-signed certificates even if Abacus is secured.

We should only use https and disable self-signed certificates, hardening Abacus by default. This makes misconfiguration harder and reduces the attack surface.

hsiliev, Aug 30 '16 18:08

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/129479897

The labels on this GitHub issue will be updated when the story is started.

cf-gitbot, Aug 30 '16 18:08

Self-signed certs using mongoclient are now disabled with https://github.com/cloudfoundry-incubator/cf-abacus/commit/b6a1a3c2e547fcda51ef2437a42dbe64d1c557a1

hsiliev, Dec 25 '16 21:12
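
The hardening requested in the issue and partly delivered in the last comment, written as an added example (not cf-abacus code and not the linked commit): when a hypothetical `secured` flag is set, a DB URI must be HTTPS or TLS-enabled MongoDB, and options that switch certificate validation off are refused. Function names, the flag and the sample hosts are assumptions; `rejectUnauthorized` is the Node.js TLS option and the `tls*` names are MongoDB connection-string options.

```javascript
// Added example: names and the `secured` flag are hypothetical.
// Connection-string options that disable certificate checks.
const INSECURE_MONGO_OPTS = [
  'tlsInsecure', 'tlsAllowInvalidCertificates', 'tlsAllowInvalidHostnames'
];

// Returns a list of problems; an empty list means the URI is acceptable.
function checkDbUri(uri, secured) {
  const m = /^([a-z][a-z0-9+.-]*):\/\//i.exec(uri);
  if (!m) return ['not an absolute URI'];
  if (!secured) return []; // unsecured mode: nothing is enforced

  const scheme = m[1].toLowerCase();
  const q = uri.indexOf('?');
  const opts = new Map(); // option names are matched case-insensitively
  for (const [k, v] of new URLSearchParams(q < 0 ? '' : uri.slice(q + 1))) {
    opts.set(k.toLowerCase(), v.toLowerCase());
  }
  const problems = [];

  if (scheme === 'http') {
    problems.push('plain http is not allowed when secured');
  } else if (scheme === 'mongodb' || scheme === 'mongodb+srv') {
    // mongodb+srv turns TLS on by default; mongodb:// must request it.
    // An explicit tls=false or ssl=false turns it off for either scheme.
    const explicitOff = ['tls', 'ssl'].some(
      (k) => opts.has(k) && opts.get(k) !== 'true');
    const requested = opts.get('tls') === 'true' ||
      opts.get('ssl') === 'true' || scheme === 'mongodb+srv';
    if (explicitOff || !requested) problems.push('TLS is not enabled');
    for (const name of INSECURE_MONGO_OPTS) {
      if (opts.get(name.toLowerCase()) === 'true') {
        problems.push(name + '=true disables certificate validation');
      }
    }
  } else if (scheme !== 'https') {
    problems.push('unsupported scheme ' + scheme);
  }
  return problems;
}

// Fail at startup instead of connecting insecurely. The URI is kept out of
// the error message because it may carry credentials.
function tlsOptionsFor(uri, secured) {
  const problems = checkDbUri(uri, secured);
  if (problems.length) throw new Error('DB URI rejected: ' + problems.join('; '));
  return secured ? { rejectUnauthorized: true } : {};
}
```

Multi-host MongoDB URIs are handled because only the scheme and the query string are inspected; the host list is never parsed.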