View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005492 | 10000-007: Profiles | Spec | public | 2020-03-02 15:52 | 2021-06-09 13:15 |
| Reporter | Alexander Allmendinger | Assigned To | Karl Deiretsbacher | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Summary | 0005492: Security User Anonymous - requires Anonymous to be disabled by default | ||||
| Description | Since we required to have SecurityPolicy#None being disabled by default, this requirement is not necessary any more. Especially for products and devices not having a real user concept, this requirement would end in a default or hard coded username/password which doesn't improve security. Instead I recommend to change the existing text: The Server provides support for Anonymous access. The use of this feature must be able to be enabled or disabled by an Administrator. By default Anonymous access shall be disabled. change to: The Server provides support for Anonymous access. The use of this feature shall be able to be enabled or disabled by an Administrator. | ||||
| Tags | No tags attached. | ||||
| Commit Version | |||||
| Fix Due Date | |||||
|
|
Not a bad idea. Do you mean that if any users are configured, Anonymous should never be enabled or just by default? This kind of requirements are complicated in the specification, since in the end the administrators should be able to configure whatever they need to. Good practices may define that security should be on by default, still. |
|
|
We need separate facets for Client and Server. The Client CU will state: "The Client utilizes Anonymous access. The use of this feature should be able to be enabled or disabled by an Administrator." |
|
|
Also required for v1.03. |
|
|
Fixed text in database for 1.03 and 1.04. |
|
|
Agreed to changes in 1.03 and 1.04 Profile database. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-03-02 15:52 | Alexander Allmendinger | New Issue | |
| 2020-03-03 11:47 | Jouni Aro | Note Added: 0011638 | |
| 2020-05-19 17:00 | Jim Luth | Assigned To | => Karl Deiretsbacher |
| 2020-05-19 17:00 | Jim Luth | Status | new => assigned |
| 2020-05-26 15:17 | Karl Deiretsbacher | Note Added: 0012111 | |
| 2020-05-26 15:18 | Karl Deiretsbacher | Description Updated | |
| 2020-05-26 15:20 | Karl Deiretsbacher | Note Added: 0012112 | |
| 2020-09-12 06:57 | Karl Deiretsbacher | Status | assigned => resolved |
| 2020-09-12 06:57 | Karl Deiretsbacher | Resolution | open => fixed |
| 2020-09-12 06:57 | Karl Deiretsbacher | Note Added: 0012786 | |
| 2021-06-09 13:15 | Jim Luth | Status | resolved => closed |
| 2021-06-09 13:15 | Jim Luth | Note Added: 0014524 |
