From 2778056212491568d56d6997438afb956c94bac7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Mon, 12 Jun 2017 09:59:55 +0300
Subject: [PATCH] MXS-1220: Enable admin authentication by default

The admin interface now uses HTTP BA authentication by default. This will prevent unrestricted access to the REST API but the authentication is by no means secure and the HTTPS mode for the REST API should be enabled for all production systems.
---
 Documentation/Getting-Started/Configuration-Guide.md | 2 +-
 server/core/config.cc | 2 +-
 server/test/maxscale_test.cnf | 8 +-------
 3 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md
index b7a9d15c7..7b2f478e3 100644
--- a/Documentation/Getting-Started/Configuration-Guide.md
+++ b/Documentation/Getting-Started/Configuration-Guide.md
@@ -542,7 +542,7 @@ The port where the HTTP admin interface listens on. The default value is port Enable HTTP admin interface authentication using HTTP Basic Access authentication. This is not a secure method of authentication but it does add a -small layer of security. This option is disabled by default. +small layer of security. This option is enabled by default. The admin interface authentication uses the same user as MaxAdmin network interface. This means that new users can be added with both MaxAdmin and the
diff --git a/server/core/config.cc b/server/core/config.cc
index 90faccbb0..6eb97ded1 100644
--- a/server/core/config.cc
+++ b/server/core/config.cc
@@ -1806,7 +1806,7 @@ global_defaults()
 gateway.auth_write_timeout = DEFAULT_AUTH_WRITE_TIMEOUT;
 gateway.skip_permission_checks = false;
 gateway.admin_port = DEFAULT_ADMIN_HTTP_PORT;
- gateway.admin_auth = false;
+ gateway.admin_auth = true;
 gateway.admin_enabled = true;
 strcpy(gateway.admin_host, DEFAULT_ADMIN_HOST);
 gateway.admin_ssl_key[0] = '\0';
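Review bot: In the server/core/config.cc hunk, `gateway.admin_auth = true;` becomes the default while the context line `gateway.admin_ssl_key[0] = '\0';` leaves the TLS key empty, so a default install presumably accepts Basic credentials over plain HTTP, where they are only base64-encoded. The commit message recommends HTTPS for production, but nothing in the code records that; I would add a comment on the new line, `/* Basic auth is on by default; credentials travel unencrypted unless admin_ssl_key is configured */`, and consider logging a startup warning when admin_auth is on and admin_ssl_key is empty. The documentation hunk says this interface shares its users with MaxAdmin, so it is also worth confirming that no well-known default account is accepted here. global_defaults() starts and continues outside the hunk, so any other TLS-related defaults are not visible from this change.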
diff --git a/server/test/maxscale_test.cnf b/server/test/maxscale_test.cnf
index 237b5536c..16ae1718a 100644
--- a/server/test/maxscale_test.cnf
+++ b/server/test/maxscale_test.cnf
@@ -6,13 +6,7 @@ datadir=@CMAKE_INSTALL_PREFIX@/
 cachedir=@CMAKE_INSTALL_PREFIX@/
 language=@CMAKE_INSTALL_PREFIX@/lib/maxscale/
 piddir=@CMAKE_INSTALL_PREFIX@/
-
-[feedback]
-feedback_enable=true
-feedback_user_info=user_info
-feedback_url=http://127.0.0.1:8080/load.php
-feedback_timeout=60
-feedback_connect_timeout=60
+admin_auth=false

 [MySQL Monitor]
 type=monitor
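Review bot: The added `admin_auth=false` switches authentication off for every test that uses this shared configuration, so the new default (authentication on) appears to get no coverage from this file. I would keep at least one test configuration that leaves the default in place and asserts that an unauthenticated REST request is rejected, and put a comment above the override such as `# test suite issues unauthenticated REST requests; never copy this setting to a production config`. The removal of the `[feedback]` section in the same hunk is not mentioned in the commit description; a sentence there explaining it, or a separate commit, would make the change easier to audit.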