WL#12671: Change named_pipe_full_access_group default on Windows
Affects: Server-8.0
—
Status: Complete
See WL#12445 Improve Windows named pipe access control and WL#12670 Deprecate/warn when using 'everyone' for named_pipe_full_access group The default for the named_pipe_full_access_group system variable should change from '*everyone*' to '' (i.e. "no-one") which is secure by default. (The previous default of '*everyone*' was not secure by default.) The original value of '*everyone*' as the default for the named_pipe_full_access_group system variable was chosen in version 8.0.14 to avoid breaking existing third party named pipe connector code, but after deprecating/warning about the use of the 'everyone' group as the named_pipe_full_access_group value in 8.0.15, it is now time to make named pipe connections secure by default.
FR1: The default value of the named_pipe_full_access_group global variable shall be set to the empty string. FR2: It shall be possible to set named_pipe_full_access_group to a valid value other than the empty string.
Change the default value of named_pipe_full_access_group from '*everyone*' to ''. Current MTR tests will run with the new default apart from sys_vars.named_pipe_full_access_group_basic which shall be modified to run with and test the new default.
Copyright (c) 2000, 2024, Oracle Corporation and/or its affiliates. All rights reserved.