[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Question re: requirement S3
Uppili and I are working on updating the Architecture document (!) and have a question about requirement S3 - The protocol MUST also support the initialization of anonymous replication sessions.
Politely, are you sure? We would much rather strictly prohibit acceptance of LDUP replication sessions over unauthenticated anonymous connections. (of course, there's nothing to prevent someone from trying to initiate one, I suppose, but there certainly ought not be any requirement to accept one).
Why is there any reason for any server to ever accept anonymous assertion of replica changes it is supposed to send or receive?
Your clarification will be greatly appreciated. In the meantime, the architecture document will continue to require authentication for all replication sessions.
Ed and Uppili
+1 585 624 2402
Note: Area code is 585