activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hiram Chirino <hi...@hiramchirino.com>
Subject Re: [DISCUSS] - ActiveMQ out of the box - Should not include the demos
Date Mon, 22 Oct 2012 12:37:49 GMT
+1

I would even go a step further and say we should generate a securer
(unique) ssl key store for each broker instance and enable ssl by default.
 That would require running a command to complete setup or to create a new
broker instance similar to how Apollo creates new broker instances.



On Mon, Oct 22, 2012 at 8:05 AM, Claus Ibsen <claus.ibsen@gmail.com> wrote:

> Hi
>
> 1)
> If you run ActiveMQ out of the box, eg by bin/activemq from the binary
> distribution. Then it startup with the demo applications.
>
> I would suggest to let the out of the box startup be just the broker +
> web console. If people would like to run the demo applications, then
> they can run the broker by passing in a different broker configuration
> file. I can't remember the exact command.
>
> And we can document in the README.txt and user-guide-html how to do that.
>
> One of the reason is the fact IMHO the broker should out of the box
> not expose demo applications, and as well introduce any
> vulnerabilities that the demo applications may impose on running a
> broker. Also people would have to disable the demo applications
> manually etc.
>
>
> 2)
> The web console should require login like Apache Tomcat does.
> Currently the web console has not authentication enabled. I think we
> should do like Apache Tomcat manager web console, that requires end
> users to enable this (in the users.properties file for Tomcat). We can
> require people to do something similar for ActiveMQ.
>
> Then the out of the box distro of AMQ is more secure, which IMHO is
> better practice that what we have today.
>
>
> Any thoughts.
>
>
>
> --
> Claus Ibsen
> -----------------
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Email: cibsen@redhat.com
> Web: http://fusesource.com
> Twitter: davsclaus
> Blog: http://davsclaus.com
> Author of Camel in Action: http://www.manning.com/ibsen
>



-- 

**

*Hiram Chirino*

*Engineering | Red Hat, Inc.*

*hchirino@redhat.com <hchirino@redhat.com> | fusesource.com | redhat.com*

*skype: hiramchirino | twitter: @hiramchirino<http://twitter.com/hiramchirino>
*

*blog: Hiram Chirino's Bit Mojo <http://hiramchirino.com/blog/>*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message