activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lionel Cons <lionel.c...@cern.ch>
Subject Security of the management interface
Date Tue, 17 May 2011 06:14:48 GMT
Hiram,

First of all, thanks for starting to document the management interface. I
hope you will add the missing bits (e.g. get/update apollo.xml, shutdown the
broker...) soon.

Here are some security related comments.

Since credentials will be given in clear to the management interface (HTTP
basic authentication), Apollo should support SSL encryption for it.

The current authorization scheme (allow users defined in broker.admin to do
everything) is not fine grain enough. At minimum, there should be the
possibility to have two different accesses: read-only (only get information
without changing the broker state) and read-write (such as restarting the
broker, changing its configuration, deleting a queue...). Note that the
broker configuration is very sensitive since it may contain clear text
passwords (e.g. <key_storage>) and security settings (who is allowed to do
what).

Maybe the management interface should have its own fine grain access control
(a bit like httpd) so that one can specify at the URL level who can do what?

The management interface will probably be extended to include what the
ActiveMQ web console provides today. If this is the case, actions such as
browsing a queue, inspecting a message, sending a message, etc. should be
controlled by the same per destination ACLs used by the STOMP access.

Cheers,

Lionel

Mime
View raw message