Problem: ZAP is allowed to be configured incorrectly or not to work
Solution: if inproc://zeromq.zap.01 exists, which means ZAP is enabled, abort immediately if it cannot be used (eg: out of memory) or it is configured incorrectly (eg: wrong socket type). Otherwise authentication failures will simply be ignored and unauthorised peers will be allowed to slip in.
Showing
Please
register
or
sign in
to comment