activemq-dev mailing list archives

From "Rob (JIRA)" <>
Subject [jira] Commented: (AMQ-2591) The ability to disable wildcards on a topic.
Date Fri, 05 Feb 2010 15:40:32 GMT


Rob commented on AMQ-2591:

I think the heart of the issue here is that security can be tricky with activemq (at least
as far as locking down queues).

The idea for easy security was to use the browser session id as the queue name... like "A653D78C432AEEC38D142ACCD2703BAF.queue"

If the connection to the server was in SSL... there would be a very low risk of man in the
middle attacks. Then to get your private messages you would just subscribe up to this session
id queue name. Since it is very unlikely anyone could guess your session id... it would be
very unlikely that anyone could guess your queue name. The idea would be that unless they
knew your session id... they would have no idea which queue to subscribe to to eavesdrop on
your messages. Along with this... we look at write only queues or topics for the server to
listen to. That way people can publish messages upstream with their session id attached...
however nobody but the server could read them.

The point was brought up however... that AMQ lets you wildcard subscriptions. In this case...
they could listen to all queues and would have no trouble finding your "private" queue.

I think the general hope is for a way to make a queue private without having to have an authentication
mechanism for each individual user subscribing to queues. Our system for example has thousands
of users all needing one private queue to receive "secret" messages on. It seems a little
daunting to give each of these users unique passwords to access their queue.

If there was a way to stop wildcarding... are there other holes people see with this approach?

> The ability to disable wildcards on a topic.
> --------------------------------------------
>                 Key: AMQ-2591
>                 URL:
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker, JMS client
>    Affects Versions: 5.3.0
>         Environment: windows xp
>            Reporter: adam i
> I've been doing some work with the orbited project. This provides
> a web based message consumer. The issue is since we have client side code calling a topic
> or queue they could easily just turn on the * and listen to everything. This is assuming of
> course we don't have security in place for each user. There are cases when someone would want
> to keep a topic private and in that case security can be used. There are also cases where
> you would want certain topics to be public. You don't want someone to do a topic/* and get
> all the messages from all the public topics. This feature would greatly enhance activemq's
> ability to work in the real time web.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
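To make the wildcard exposure discussed in this thread concrete, here is an added example (not code from the ActiveMQ project or from anyone in the thread) that models ActiveMQ-style destination wildcards over a few constructed session-id queues and shows the broker-side subscription check that the "private queue per session" design actually depends on; the queue names, the session-id format and the `allow_subscription` policy are assumptions.

```python
# Added example: models ActiveMQ destination wildcards ('.' separates path
# segments, '*' matches exactly one segment, '>' is modelled here as matching
# one or more trailing segments) to show that a queue named after an unguessable
# session id is still readable by anyone allowed to subscribe with a wildcard.
import re

# Assumed shape of a session id: 32 upper-case hex characters (constructed).
SESSION_ID_RE = re.compile(r"^[0-9A-F]{32}$")


def matches(pattern: str, destination: str) -> bool:
    """True if an ActiveMQ-style wildcard pattern matches a concrete destination."""
    pat, dst = pattern.split("."), destination.split(".")
    for i, seg in enumerate(pat):
        if seg == ">":
            return len(dst) > i        # '>' consumes the remaining segment(s)
        if i >= len(dst):
            return False               # pattern is longer than the destination
        if seg != "*" and seg != dst[i]:
            return False               # literal segment mismatch
    return len(pat) == len(dst)        # no trailing segments left unmatched


def exposed_queues(subscription: str, queues: list[str]) -> list[str]:
    """Which of the broker's queues a subscription would receive messages from."""
    return [q for q in queues if matches(subscription, q)]


def allow_subscription(session_id: str, destination: str) -> bool:
    """Broker-side policy the thread is asking for (hypothetical): reject any
    wildcard, and let a session consume only its own '<session-id>.queue'."""
    if "*" in destination or ">" in destination:
        return False
    if not SESSION_ID_RE.fullmatch(session_id):
        return False
    return destination == f"{session_id}.queue"


# Constructed sample: two per-session private queues plus the server's inbound queue.
SAMPLE_QUEUES = [
    "A653D78C432AEEC38D142ACCD2703BAF.queue",
    "0123456789ABCDEF0123456789ABCDEF.queue",
    "server.inbound",
]
```

Without the policy, the subscriptions `>` and `*.queue` receive every session's "private" messages, which is exactly the enumeration the reporter describes; with it, a client is limited to the one queue bound to its own session id.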
