activemq-dev mailing list archives

From "Jim Gomes (JIRA)" <>
Subject [jira] [Resolved] (AMQNET-415) Client with wrong credentials overloads server when using failover
Date Tue, 26 Feb 2013 22:14:13 GMT


Jim Gomes resolved AMQNET-415.

    Resolution: Fixed
> Client with wrong credentials overloads server when using failover
> ------------------------------------------------------------------
>                 Key: AMQNET-415
>                 URL:
>             Project: ActiveMQ .Net
>          Issue Type: Bug
>          Components: ActiveMQ, NMS
>    Affects Versions: 1.5.6
>         Environment: ActiveMQ Broker 5.6.0
>            Reporter: Jim Gomes
>            Assignee: Jim Gomes
>            Priority: Minor
>              Labels: authentication, failover
>             Fix For: 1.5.7
> If the ActiveMQ broker has been secured to enforce login credentials, the NMS client
> will continually attempt to authenticate against it if it is using the failover protocol.
> Steps to Reproduce:
> ----------------------
> 1. Configure the broker to require login credentials for connections.
> 2. Configure the NMS client to use failover mode.
> 3. Configure the NMS client with incorrect login credentials.
> 4. Attempt to connect the NMS client to the server.
> Results:
> ----------------------
> The client reattempts login continuously without backing off, and has a significant impact
> on the performance of the server.
> Expected:
> ----------------------
> The client should not enter failover, because it never successfully connected, and it
> would never expect to connect.
> Notes:
> ----------------------
> This was experienced using the OpenWire client, but a similar bug may exist in the STOMP
> client's failover code.
> The broker may also want to protect itself against this, as this is an easy attack vector
> for a DDoS. Just a couple of clients attempting to log in with invalid credentials can dramatically
> impact the server's performance, not just the broker.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
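
The "Expected" behaviour from the issue above, as an added C# example that is not the NMS fix and not code from the original message: a rejected login ends the connect loop at once, while transport failures are retried with capped exponential backoff. `CredentialsRejectedException`, `TransportFailedException`, `ReconnectPolicy` and the delay values are hypothetical names and assumptions, not NMS types or settings.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical exception types for this example; they are not NMS classes.
public class CredentialsRejectedException : Exception { }
public class TransportFailedException : Exception { }

public static class ReconnectPolicy
{
    // Calls connect() until it succeeds or maxAttempts is reached.
    // Transport failures are retried with capped exponential backoff.
    // A credential rejection is not caught, so it reaches the caller
    // after a single attempt and the broker sees no login retry storm.
    // Returns the delays waited (ms) so the pacing can be inspected.
    public static List<int> Connect(Action connect, Action<int> sleep,
        int initialDelayMs = 100, int maxDelayMs = 30000, int maxAttempts = 8)
    {
        var delays = new List<int>();
        int delay = initialDelayMs;
        for (int attempt = 1; ; attempt++)
        {
            try { connect(); return delays; }
            catch (TransportFailedException)
            {
                if (attempt >= maxAttempts) throw;   // give up, surface the error
                delays.Add(delay);
                sleep(delay);
                delay = Math.Min(delay * 2, maxDelayMs);
            }
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed scenario 1: broker is reachable but rejects the login.
        int logins = 0;
        try { ReconnectPolicy.Connect(() => { logins++; throw new CredentialsRejectedException(); }, ms => { }); }
        catch (CredentialsRejectedException) { }
        Console.WriteLine("login attempts after rejection: " + logins);

        // Constructed scenario 2: two transport failures, then success.
        int n = 0;
        var waited = ReconnectPolicy.Connect(
            () => { if (++n < 3) throw new TransportFailedException(); }, ms => { });
        Console.WriteLine("backoff delays (ms): " + string.Join(",", waited));
    }
}
```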
