View Issue Details

ID: 0005492
Project: 10000-007: Profiles
Category: Spec
View Status: public
Last Update: 2021-06-09 13:15
Reporter: Alexander Allmendinger
Assigned To: Karl Deiretsbacher
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Summary: 0005492: Security User Anonymous - requires Anonymous to be disabled by default
Description

Since we required SecurityPolicy#None to be disabled by default, this requirement is not necessary any more. Especially for products and devices not having a real user concept, this requirement would end in a default or hard-coded username/password, which doesn't improve security. Instead, I recommend changing the existing text:

The Server provides support for Anonymous access. The use of this feature must be able to be enabled or disabled by an Administrator. By default Anonymous access shall be disabled.

change to:

The Server provides support for Anonymous access. The use of this feature shall be able to be enabled or disabled by an Administrator.


Activities

Jouni Aro

2020-03-03 11:47

reporter   ~0011638

Not a bad idea. Do you mean that if any users are configured, Anonymous should never be enabled or just by default?

These kinds of requirements are complicated in the specification, since in the end the administrators should be able to configure whatever they need to.

Good practices may define that security should be on by default, still.

Karl Deiretsbacher

2020-05-26 15:17

developer   ~0012111

We need separate facets for Client and Server.

The Client CU will state: "The Client utilizes Anonymous access. The use of this feature should be able to be enabled or disabled by an Administrator."

Karl Deiretsbacher

2020-05-26 15:20

developer   ~0012112

Also required for v1.03.

Karl Deiretsbacher

2020-09-12 06:57

developer   ~0012786

Fixed text in database for 1.03 and 1.04.

Jim Luth

2021-06-09 13:15

administrator   ~0014524

Agreed to changes in 1.03 and 1.04 Profile database.

Issue History

Date Modified Username Field Change
2020-03-02 15:52 Alexander Allmendinger New Issue
2020-03-03 11:47 Jouni Aro Note Added: 0011638
2020-05-19 17:00 Jim Luth Assigned To => Karl Deiretsbacher
2020-05-19 17:00 Jim Luth Status new => assigned
2020-05-26 15:17 Karl Deiretsbacher Note Added: 0012111
2020-05-26 15:18 Karl Deiretsbacher Description Updated
2020-05-26 15:20 Karl Deiretsbacher Note Added: 0012112
2020-09-12 06:57 Karl Deiretsbacher Status assigned => resolved
2020-09-12 06:57 Karl Deiretsbacher Resolution open => fixed
2020-09-12 06:57 Karl Deiretsbacher Note Added: 0012786
2021-06-09 13:15 Jim Luth Status resolved => closed
2021-06-09 13:15 Jim Luth Note Added: 0014524