drpmma commented on issue #7470: URL: https://github.com/apache/rocketmq/issues/7470#issuecomment-1782334169
并且并不推荐生产上使用whiteRemoteAddress,globalWhiteRemoteAddresses,目前版本的白名单会跳过鉴权,会存在安全风险。 后续会考虑废除该字段,改为同时需要满足在白名单之内且满足鉴权要求。 Moreover, it is not advisable to use "whiteRemoteAddress" and "globalWhiteRemoteAddresses" in production. The current version of the whitelist bypasses authentication, posing a security risk. In the future, we will consider deprecating this field and instead require compliance with both the whitelist and authentication criteria. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@rocketmq.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
