Setting allow-reinstall-missing-host property to true on production

Hello,

According to this thread, after a successful import, atlassian-connect-spring-boot apps must reject the first (unsigned) install request with HTTP 401 and accept the host on the second (signed) request. I think the only way to achieve this is to set the allow-reinstall-missing-host property to "true", but when I do this, the following message appears in the container's logs:

"Accepting installations signed by unknown hosts. This setting poses a security risk, and should not be used in production deployments."

Is this message still valid? If yes, should we use something else to allow secondary (signed) install requests on production?

Thanks,
Berkay
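The decision logic described above, as an added illustration that is not atlassian-connect-spring-boot's own code: a minimal HS256 JWT check and an /installed handler that distinguishes a first unsigned install, a signed reinstall verified against the stored secret, and the unverifiable "missing host" case that the log warning refers to. The `hosts` dict standing in for the atlassian_host table, the helper names and the 204/401 status codes are assumptions of this sketch.

```python
import base64, hashlib, hmac, json
from typing import Optional

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: str) -> str:
    # HS256 JWT over the claims, keyed with the host's shared secret (hypothetical helper)
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(mac)}"

def verify_jwt(token: str, secret: str) -> Optional[dict]:
    # Returns the claims when the HS256 signature matches `secret`, else None
    try:
        head, body, sig = token.split(".")
    except ValueError:
        return None
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(body))

def handle_installed(hosts: dict, payload: dict, auth: Optional[str],
                     allow_reinstall_missing_host: bool = False) -> int:
    # HTTP status for one /installed request; `hosts` stands in for the atlassian_host table
    client_key = payload["clientKey"]
    record = {"sharedSecret": payload["sharedSecret"], "baseUrl": payload["baseUrl"]}
    known = hosts.get(client_key)
    if known is None:
        if auth is None:                   # first install: no secret to check against, accept
            hosts[client_key] = record
            return 204
        if allow_reinstall_missing_host:   # signed by a host we hold no secret for: unverifiable,
            hosts[client_key] = record     # this is the risk the log warning describes
            return 204
        return 401
    if auth is None or not auth.startswith("JWT "):
        return 401                         # known host, unsigned: reject so the host retries signed
    claims = verify_jwt(auth[len("JWT "):], known["sharedSecret"])
    if claims is None or claims.get("iss") != client_key:
        return 401                         # wrong secret or issuer mismatch
    hosts[client_key] = record             # signed with the stored secret: accept, rotate secret
    return 204
```

The post-import sequence is then: the host's unsigned request gets 401, and its retry signed with the pre-import secret gets 204 and rotates the stored secret to the new one.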

In my opinion, leaving allow-reinstall-missing-host enabled in production is not safe, and I am very curious what the security team would suggest in this case. @hari, what do you think?
It can be used as a temporary solution as suggested here; however, when you have many customers and they use migration tools very often, you would have to change it several times a day, which becomes a pain.

The recommendations about this case in related posts are really unclear.
On one hand, setting the allow-reinstall-missing-host property to "true" seems to be the only solution. On the other hand, it is recommended only as a temporary solution. And there is this warning message in the logs that clearly states that this is a security risk.
So what is the permanent and safe solution?


Hey all, my understanding of Atlassian Connect Spring Boot is that by default (with allow-reinstall-missing-host=false) the framework should handle the import flow as per this post. As for the warning logged by enabling this flag, @maciej.dudziak is correct that the setting is not safe for use in production.

Please let me know if I've misinterpreted your question or missed something.

Hello @JoelPagliuca,

Yes, setting that flag to true seems to be unsafe for production.

No, Atlassian Connect Spring Boot cannot handle the import workflow gracefully. Actually, it can handle the import but cannot handle the re-import. If the customer makes an initial import, installs our app, then makes another import that overwrites all instance data and tries to install our app again, s/he gets something like this:

Error contacting remote application at 'https://tis.obss.io/installed' 401::{"status":401,"error":"None","message":"","timeStamp":"Thu May 27 14:16:18 UTC 2021","trace":null}

Then we have to remove the customer instance from the atlassian_host table manually so s/he can install again.

EmreT

Hi @emre.toptanci,
A new version of ACE (v2.1.9) has been published which should handle the site import scenario properly. Could you please try the new version and let us know if the problem persists? Thank you.


v2.1.9 of AC Spring Boot fixed the issue for us and now we can re-install the app successfully after a site import. Thank you.