activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From artnaseef <...@artnaseef.com>
Subject ActiveMQ Console - moving toward a solution (starting with brainstorming)
Date Tue, 04 Feb 2014 15:31:14 GMT
With the "problem definition" having collected a decent amount of
information, let's start talking about where we want to be and possible ways
to solve the problems.

Before starting, this is "brainstorming".  So please, feel free to share any
ideas without concern for absurdity.  And please be respectful of others
sharing.  That means, provide actionable feedback, or perceptions, of the
content of the idea and try to avoid pure criticism (negative feedback
that's unactionable) and personal attacks.  We will filter the ideas later.

First off, I want to argue that the solution to security concerns with the
console, and the rest of ActiveMQ, is to pursue the best practice of not
exposing ActiveMQ to untrusted sources.  So the following guidelines for
ActiveMQ installations follow:

* Avoid placing ActiveMQ's web console on the internet, or otherwise making
it accessible to untrusted parties, by placing it behind firewalls and
requiring internal network access or VPN access to reach the console.
* Avoid opening ActiveMQ's transports to the internet, or otherwise making
them accessible to untrusted parties to the extent possible, again using
firewalls and network precautions.
* Where absolutely necessary, using SSL with required client-certificates
can greatly reduce security risks.  Any brokers whose SSL connectors are
accessible to untrusted parties should also incorporate firewall protections
to prevent access to other, non-SSL-secured ports on the same ActiveMQ
instances.

Should we do anything more on this front?

For the "buggy" issue - I recommend to start fixing it.  Without any
evidence that the time and effort to maintain the console is significant, it
seems like this is more an issue of lack of motivation.  I'll start working
on the bugs myself.

For look-and-feel, what makes sense?  I like the idea of a built-in console
that is minimalistic - making it easy to navigate and get specific content,
and having it consistent for everyone to make talking about their
experiences, especially when reporting problems, straight-forward.  Note
that does not mean I'm against a major change to look-and-feel.  And, a nice
looking UI is awesome to have.  Should we promote the use of third-party
UIs?  If so, how can we do so in a way that is acceptable to everyone?  Or,
should we put in some effort on the built-in console - giving it a facelift
while still keeping to a more streamlined/information-focused than something
like Hawt.io.




--
View this message in context: http://activemq.2283324.n4.nabble.com/ActiveMQ-Console-moving-toward-a-solution-starting-with-brainstorming-tp4677405.html
Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.

Mime
View raw message