AWS redshift high security documentation change
Summary
Changed default value for IdP SSL certificate verification from True to False and added security recommendation
Security assessment
The parameter 'disable_verify' now defaults to False (enabling SSL verification), reversing a potentially insecure previous default. Explicit warning about keeping verification enabled in production directly addresses TLS certificate validation security concerns, preventing MITM attacks.
Diff
diff --git a/redshift/latest/mgmt/python-configuration-options.md b/redshift/latest/mgmt/python-configuration-options.md index 44a1a6d67..3fbee78fa 100644 --- a//redshift/latest/mgmt/python-configuration-options.md +++ b//redshift/latest/mgmt/python-configuration-options.md @@ -628 +628 @@ This parameter is required. - * Default value – True + * Default value – False @@ -635 +635 @@ This parameter is required. -A value that specifies whether the IdP hosts server certificate is to be verified. +A value that specifies whether to disable the verification of the IdP host's server SSL certificate. Setting this parameter to True will disable the verification of the IdP host's server SSL certificate. We recommend that you keep the default value of False in production environments.