Enforce TLS property #137
Enforce TLS property #137
Conversation
|
(1) This functionality seems to override useTLS flag which is set up on per server connection. Which is odd (I don't have TLS for a server; but it is used) May be we need to have a screen with overrides ? It is a little bit more complicated then you implemented. But it looks like more user friendly. P.S. I saw you modified Netbeans ServerForm.form. Do you use Netbeans? I thought to remove all *.form and set up all UI forms manually. |
|
I guess in order to generalize common settings for connections tags would be appropriate. That can be done along with moving server list to some separate json file (#109). So each connection will have only mandatory host and port. username, password, tls tick (we also have alternative auth method dropdown) and other things can be inherited from tag settings Concerning form file - no, I don't use it. I've edited it just in case. @dernasherbrezon your thoughts :) |
|
We're running kdb studio in the special "prod" mode where certain features like TLS enabled by default, cannot be turned off and intentionally not available for end-users. Otherwise they will untick TLS because it is failing and/or inconvenient. However this all works in the very specific setup where we fully control client's configuration and do not allow client edit it. |
|
It looks you are after functionality to have a separate (centrally distributed) properties which couldn't be overridden form UI. From the implementation perspective, it could be a separate *.properties file which is assumed to be write-lock on the client machine. However if you need enforce TLS, why can't you enforce this on the server side? |
This option is intended for PROD environment where every access is mandatory to be encrypted