Do we need to change the app_password property if, per the product-level security guidelines, the authentication endpoint is hosted within the product?

This is a general question regarding whether we need to change the app_password property if the authentication endpoint is hosted within the product, as mentioned in https://is.docs.wso2.com/en/5.11.0/administer/product-level-security-guidelines/ under "Configuring client authentication".
The doc states that changes are required when the authentication endpoint is hosted externally. Can you share a recommendation for when it is not hosted externally?
Note: We are using Identity Server v5.11.
Comments (1)
It is always recommended to change the app_password, as the default password is known to everyone. The app_username & app_password are used to facilitate some backchannel calls that need administrative privileges. However, if it is not changed, anyone could use the app_username & app_password to access endpoints in the authentication & recovery portals. Since you're not hosting externally, directly changing app_password in <IS_HOME>/repository/conf/deployment.toml would do. The better approach is to change app_password and use a proxy to only expose the needed endpoints from the authentication & recovery portals.
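As an added example (not part of the original question or answer, and not WSO2's own code), the following script checks a deployment.toml for the well-known default app_password and produces a random replacement. It assumes, as the 5.11 guidelines describe, that the setting lives under `[identity.auth_framework.endpoint]` as `app_password`, and that the shipped default value is "dashboard" (the bundled authentication endpoint's default credentials); both are assumptions, and a missing key is treated as "still default" because the product then falls back to the built-in value. The two sample configs are constructed inline.

```python
"""Audit a WSO2 IS deployment.toml for the default authentication-endpoint app_password.

Added example, not from the original post or from WSO2.
Assumptions (labelled): the key path [identity.auth_framework.endpoint] app_password,
and the shipped default value "dashboard".
"""
import secrets
import string

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # older interpreters: pip install tomli
    import tomli as tomllib

DEFAULT_APP_PASSWORD = "dashboard"  # assumed shipped default for the endpoint app
KEY_PATH = ("identity", "auth_framework", "endpoint", "app_password")  # assumed key path


def app_password_status(toml_text: str) -> str:
    """Return 'missing', 'default' or 'changed' for app_password in a deployment.toml."""
    node = tomllib.loads(toml_text)
    for key in KEY_PATH:
        if not isinstance(node, dict) or key not in node:
            return "missing"
        node = node[key]
    return "default" if node == DEFAULT_APP_PASSWORD else "changed"


def needs_change(toml_text: str) -> bool:
    """True when the deployment still relies on the well-known default.

    A missing key counts too: the product then uses the built-in default,
    so the backchannel credential is still guessable by anyone.
    """
    return app_password_status(toml_text) in ("missing", "default")


def generate_app_password(length: int = 32) -> str:
    """Random replacement from the OS CSPRNG; letters and digits only so it
    drops into a TOML basic string without escaping."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed sample fragments (not real deployment files).
WEAK_CONFIG = """
[identity.auth_framework.endpoint]
app_password = "dashboard"
"""

HARDENED_CONFIG = f"""
[identity.auth_framework.endpoint]
app_password = "{generate_app_password()}"
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG), ("empty", "")):
        print(f"{name}: status={app_password_status(cfg)} needs_change={needs_change(cfg)}")
```

Run it against `<IS_HOME>/repository/conf/deployment.toml` by reading the file into `needs_change`; a `True` result means the default credential is still live on every endpoint the authentication and recovery portals reach, whether or not a proxy sits in front of them.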