activemq-dev mailing list archives

From "Dhiraj Bokde (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-5160) Wildcard subscriptions bypass Authentication / Authorization
Date Mon, 19 May 2014 17:08:39 GMT

    [ https://issues.apache.org/jira/browse/AMQ-5160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14001995#comment-14001995 ]

Dhiraj Bokde commented on AMQ-5160:
-----------------------------------

Hi [~surfnerd],

Thanks for validating PR22. If you tested with PR24 that should be good, since it includes
commits from PR22. We could just as well apply PR24 directly to ActiveMQ trunk. Also, are
you testing Virtual Topics too? It is a pretty cool feature I added. I've written a post about
it at http://rockablogbaby.blogspot.com/2014/05/scalable-iot-integration-using-apache.html

Regards,
Dhiraj. 

> Wildcard subscriptions bypass Authentication / Authorization
> ------------------------------------------------------------
>
>                 Key: AMQ-5160
>                 URL: https://issues.apache.org/jira/browse/AMQ-5160
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: MQTT
>    Affects Versions: 5.9.1
>            Reporter: Surf
>            Priority: Critical
>              Labels: authentication, authorization, mqtt, security
>             Fix For: 5.10.0
>
>         Attachments: activemq.xml, groups.properties, login.config, patch.txt, users.properties
>
>
> I am using MQTT on AMQ 5.9.1.
> After the latest MQTT hardening from [~dhirajsb], there is an issue with MQTT retained messages.
> Simple case:
> Set Authentication / Authorization for two different TOPICS.
> Send a retained message to one topic.
> Try to subscribe to "#" with a second user.
> It will show retained messages published by TOPIC 1.
> Here I have attached test configurations.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
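
The scenario in the quoted report, as a simplified model added here (not part of the original message and not ActiveMQ code): a broker replays retained messages to a new "#" subscription, with and without an authorization check on each retained message's concrete topic. The `Broker` class, the `check_each_topic` switch, and the names `user1`, `user2`, `topic1`, `topic2` are assumptions made for illustration.

```python
# Simplified model, constructed for illustration; not ActiveMQ code.

def topic_matches(topic_filter, topic):
    """MQTT filter match: '+' is one level, '#' is all remaining levels."""
    f, t = topic_filter.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)


class Broker:
    def __init__(self, read_acl):
        self.read_acl = read_acl  # user -> topic filters the user may read
        self.retained = {}        # concrete topic -> last retained payload

    def publish_retained(self, topic, payload):
        self.retained[topic] = payload

    def can_read(self, user, topic):
        return any(topic_matches(f, topic) for f in self.read_acl.get(user, []))

    def subscribe(self, user, topic_filter, check_each_topic=True):
        """Return the retained messages replayed to a new subscription."""
        replay = {}
        for topic, payload in self.retained.items():
            if not topic_matches(topic_filter, topic):
                continue
            # The check that matters: authorize the concrete topic of every
            # retained message, not only the filter the client asked for.
            if check_each_topic and not self.can_read(user, topic):
                continue
            replay[topic] = payload
        return replay


def scenario(check_each_topic):
    # Constructed users and topics: each user may read only their own topic.
    broker = Broker({"user1": ["topic1"], "user2": ["topic2"]})
    broker.publish_retained("topic1", "secret for user1")
    broker.publish_retained("topic2", "hello user2")
    return broker.subscribe("user2", "#", check_each_topic)


if __name__ == "__main__":
    print("no per-topic check:", scenario(False))  # reported behaviour
    print("per-topic check:   ", scenario(True))
```

The same comparison works as a broker regression test: after the fix, a user subscribing to "#" should receive retained messages only from topics their read permissions cover.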
