fix(security): resolve Security-001/002/003 — reachable StartTLS path, Secure cookie, JWT signing key validation
@@ -0,0 +1,26 @@
|
||||
namespace ScadaLink.Security;
|
||||
|
||||
/// <summary>
|
||||
/// Transport security mode for the LDAP connection. The design requires either
|
||||
/// LDAPS or StartTLS in production; <see cref="None"/> is for dev/test only and
|
||||
/// must be paired with <see cref="SecurityOptions.AllowInsecureLdap"/>.
|
||||
/// </summary>
|
||||
public enum LdapTransport
|
||||
{
|
||||
/// <summary>
|
||||
/// LDAPS — TLS negotiated at connection time (typically port 636).
|
||||
/// </summary>
|
||||
Ldaps,
|
||||
|
||||
/// <summary>
|
||||
/// StartTLS — connect in plaintext (typically port 389), then upgrade the
|
||||
/// session to TLS before binding.
|
||||
/// </summary>
|
||||
StartTls,
|
||||
|
||||
/// <summary>
|
||||
/// No transport security. Dev/test only — requires
|
||||
/// <see cref="SecurityOptions.AllowInsecureLdap"/> to be true.
|
||||
/// </summary>
|
||||
None
|
||||
}
|
||||
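Review bot: The enum members carry no explicit values, so the secure default rests entirely on declaration order: `Ldaps` is declared first and is therefore `default(LdapTransport)`, the value an option property without an initializer would take, while `None` is last. A later reorder, or someone applying the common `None = 0` convention, would silently make plaintext the default; pinning the values (`Ldaps = 0,`, `StartTls = 1,`, `None = 2`) and adding a comment such as `// Zero value must stay a TLS mode so an unconfigured transport is never plaintext.` would make that intent explicit. The pairing of `None` with `SecurityOptions.AllowInsecureLdap` and the upgrade-before-bind guarantee for `StartTls` are stated only in doc comments here, and the enforcing code is outside this file. It is worth confirming that options validation rejects `None` without the flag, that it rejects undefined numeric values instead of treating them as a valid mode, and that a failed StartTLS upgrade aborts the connection rather than proceeding to a plaintext bind.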