Issue #156 - Change SSL help text to a Constant, remove ads

[jonbartels]

Issue #156 - Change SSL help text to a Constant, remove NextGen branding and ads from the message

[tonygermano]

I understand the desire to not want to duplicate code, but I don't know if UIConstants is the right place to put connector specific data.

[kayyagari]

I understand the desire to not want to duplicate code, but I don't know if UIConstants is the right place to put connector specific data.

IMO, It is all on the client UI and never gets into anything connector specific on the server, so this is acceptable.

[jonbartels]

I put it in UI Constants because multiple places showed this help text.

There isn't any other common class to both WS and HTTP connectors that I could find.

It is help text shown in the UI, so UIConstants seemed like the best choice.

This isn't just duplicated code, its a whole block of HTML. Duplicating small strings maybe but an HTML block should never have been copy-pasted like the original.

[ssrowe]

I’m late to the party here, but I think we should completely remove this warning and the scary icon/s that goes with it. There is no warning for http traffic (nor am I advocating for one here) which is arguably higher risk.

When using https, we have reasonable defaults and the connection is reasonably secure. Further, the prior or the proposed warning does not give the user any beneficial or actionable information. There is no reason to believe that anything but the default cert store would be used and there is nothing inherently harmful by doing so.

Also, mTLS is supported, it just needs to be configured with the client cert/key. We don’t currently provide a way to do that, but it can be done at the JVM level and the connection will pick it up and use it just fine.

If we feel we need a message, then perhaps a link to the documentation for advanced configurations.

[pacmano1]

I’m late to the party here, but I think we should completely remove this warning and the scary icon/s that goes with it. There is no warning for http traffic (nor am I advocating for one here) which is arguably higher risk.

When using https, we have reasonable defaults and the connection is reasonably secure. Further, the prior or the proposed warning does not give the user any beneficial or actionable information. There is no reason to believe that anything but the default cert store would be used and there is nothing inherently harmful by doing so.

Also, mTLS is supported, it just needs to be configured with the client cert/key. We don’t currently provide a way to do that, but it can be done at the JVM level and the connection will pick it up and use it just fine.

If we feel we need a message, then perhaps a link to the documentation for advanced configurations.

Perhaps. I think we need to be sensitive to conditioned behavior for many users using this engine for many years.

I would not remove it for this reason - it is perhaps a gentle reminder.

[mgaffigan]

Here's a screenshot just to document.