OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (MQTT-293) Recommendations for securing an MQTT server

    [ https://issues.oasis-open.org/browse/MQTT-293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=63527#comment-63527 ] 

Brian Raymor commented on MQTT-293:

Ken recommended that we use MQTT-293 to collect guidance for securing a MQTT server. To that end, I've re-titled this issue and am capturing Peter Niblett's recommendation from MQTT-262:


"In the security section, we need to warn people to control access to a client ID - in other words authenticate a user first and then check that they are entitled to use the client ID that they provided. That way you avoid a malicious user stealing the client ID and forcing the genuine user off."

> Recommendations for securing an MQTT server
> -------------------------------------------
>                 Key: MQTT-293
>                 URL: https://issues.oasis-open.org/browse/MQTT-293
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 5
>            Reporter: Richard Coppen
> Jira opened following discussion on TC call 11.08.2016
> Review Section 3.1.4 Connect / Response
> e.g., The Server MAY check that the contents of the CONNECT Packet meet any further restrictions and MAY perform authentication and authorization checks. If any of these checks fail, it SHOULD send an appropriate CONNACK response with a non-zero return code as described in section 3.2 and it MUST close the Network Connection.
> Review Section 5 (Security)

This message was sent by Atlassian JIRA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]