> On Aug 13, 2019, at 11:10 PM, Bruce Hill via Core-talk <email address hidden> wrote:
>
> Re the initial default for asCheckClientIP, I recommend it be set to 1.
>
> Defaulting to 0 only helps those who run w/o DNS yet also want to run EPICS 7 IOCs
> but continue to use CA instead of PVA to modify their access secured PVs.
> They also have an easy workaround by using IP addr in their acf files.
>
> Meanwhile, every site who tries to support access security w/ EPICS 7 could easily
> miss the need to set asCheckClientIP in order to make pvAccess support HAG based rules.
>
> It also has the benefit of closing the CA spoofed hostname vulnerability.
> --
> https://code.launchpad.net/~epics-core/epics-base/+git/asLib/+merge/358822
> Your team EPICS Core Developers is subscribed to branch epics-base:7.0.
I agree
Sent from my iPhone
> On Aug 13, 2019, at 11:10 PM, Bruce Hill via Core-talk <email address hidden> wrote: /code.launchpad .net/~epics- core/epics- base/+git/ asLib/+ merge/358822
>
> Re the initial default for asCheckClientIP, I recommend it be set to 1.
>
> Defaulting to 0 only helps those who run w/o DNS yet also want to run EPICS 7 IOCs
> but continue to use CA instead of PVA to modify their access secured PVs.
> They also have an easy workaround by using IP addr in their acf files.
>
> Meanwhile, every site who tries to support access security w/ EPICS 7 could easily
> miss the need to set asCheckClientIP in order to make pvAccess support HAG based rules.
>
> It also has the benefit of closing the CA spoofed hostname vulnerability.
> --
> https:/
> Your team EPICS Core Developers is subscribed to branch epics-base:7.0.