activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Davies <rajdav...@gmail.com>
Subject Re: About the implementation of temporary topics
Date Fri, 21 Apr 2006 10:30:15 GMT
Hi Aleski,

inlined:
On 21 Apr 2006, at 11:18, Aleksi Kallio wrote:

>
> I went through the ActiveMQ 4.0 RC2 code, checking how temporary  
> topics are implemented. They seem to be regular topics, with  
> generated pseudo-random topic names. Names are created by  
> concatenating the connection identifier and a counter number. Is  
> this correct?
Yes - this is correct!
>
> Is there a possibility of name-clashes between two clients? Or does  
> the connection identifier take care of this?
A connection has to have a unique id - see below
>
> How hard it is to wiretap a temporary topic? If I understood  
> correctly, broker does not dispatch messages to clients not  
> listening to given topic. So wiretapping requires knowing/guessing  
> temp topic names, correct?
It's not hard to wire tap any destination to be honest. You can  
simply subscribe to any topic/queue using a wilcard - e.g. ">".
However - this is where security comes in. If you configure security  
- see: http://www.activemq.org/Security - then you can restrict users  
to what they can listen to.
>
> I'm a bit worried on this because incremental counter is used to  
> generate topic names. Guessing the name of a temp topic created by  
> another client is quite easy. Why a cryptographically strong pseudo  
> random number is not used instead? In Java they can be obtained  
> very easily by using java.util.UUID.
The uniqueness comes from the connectionId - which is globally unique  
= using a similar algorithm to java.util.UUID.  BTW - activemq has to  
be Java 1.4 compatible (J2EE 1.4) - so we can't use java.util.UUID  
directly.
>
cheers.

Rob

Mime
View raw message