activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Ibsen <claus.ib...@gmail.com>
Subject [DISCUSS] - ActiveMQ out of the box - Should not include the demos
Date Mon, 22 Oct 2012 12:05:23 GMT
Hi

1)
If you run ActiveMQ out of the box, eg by bin/activemq from the binary
distribution. Then it startup with the demo applications.

I would suggest to let the out of the box startup be just the broker +
web console. If people would like to run the demo applications, then
they can run the broker by passing in a different broker configuration
file. I can't remember the exact command.

And we can document in the README.txt and user-guide-html how to do that.

One of the reason is the fact IMHO the broker should out of the box
not expose demo applications, and as well introduce any
vulnerabilities that the demo applications may impose on running a
broker. Also people would have to disable the demo applications
manually etc.


2)
The web console should require login like Apache Tomcat does.
Currently the web console has not authentication enabled. I think we
should do like Apache Tomcat manager web console, that requires end
users to enable this (in the users.properties file for Tomcat). We can
require people to do something similar for ActiveMQ.

Then the out of the box distro of AMQ is more secure, which IMHO is
better practice that what we have today.


Any thoughts.



-- 
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen

Mime
View raw message