cancel
Showing results for 
Search instead for 
Did you mean: 

Disable cleartext authentication mechanisms in the AMQP configuration.

JagadishPatro
Level 3

Our security scans have shown that there's a need to disable the AMQP cleartext authentication method inside of RabbitMQ.
->Has this been performed by the product or professional services team?
->Is this configuration supported?
->Has there been any lessons learned on how to go about it?
->Has anyone else performed this switch over and successfully continued using Decipher components?



------------------------------
Jagadish Patro
------------------------------
2 REPLIES 2

steven.boggs
Staff
Staff

Hi Jagadish,

Our product team is aware of this concern after being reported by other customers' security scans -- this is tentatively slated to be addressed in Decipher IDP version 2.3 under DEC-570. See this KB here for our available documentation about this.

Until this version of Decipher is released, the workaround is to use a local instance of RabbitMQ. For local RabbitMQ installations, Decipher IDP only sends credentials (excluding passwords) to localhost addresses, using the default account which has no permissions to access remote systems.



------------------------------
Steve Boggs
Senior Product Support Engineer
Blue Prism
Austin, TX
------------------------------

Any document and reference is there for this?



------------------------------
Jagadish Patro
------------------------------