Secure Default Configuration for publisherTrustedAlgorithmPublishers and publisherTrustedAlgorithms
Current Configuration Definition
Type: Array of string
Behavior:
If not defined: Any published algorithm/publisher is allowed.
If empty array: No algorithm/publisher is allowed.
If not empty: Only algorithms published by the defined publishers are allowed.
Issue
The current configuration allows any published algorithm to be executed if the publisherTrustedAlgorithmPublishers field is not defined. This default behavior poses a significant security risk, potentially allowing untrusted or malicious algorithms.
Proposed Change
Modify the default behavior to enhance security:
New Default Behavior (If not defined): No algorithm is allowed.
This change will ensure that in the absence of an explicit configuration, the system defaults to the most secure state by not allowing the execution of any algorithms.
Secure Default Configuration for
publisherTrustedAlgorithmPublishersandpublisherTrustedAlgorithmsCurrent Configuration Definition
Issue
The current configuration allows any published algorithm to be executed if the
publisherTrustedAlgorithmPublishersfield is not defined. This default behavior poses a significant security risk, potentially allowing untrusted or malicious algorithms.Proposed Change
Modify the default behavior to enhance security:
This change will ensure that in the absence of an explicit configuration, the system defaults to the most secure state by not allowing the execution of any algorithms.