activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Strachan" <james.strac...@gmail.com>
Subject Re: Preventing post from external URLs
Date Tue, 03 Oct 2006 14:20:54 GMT
You should be able to use the normal servlet engine security to ensure
only authenticated people can publish. Another option is using JMS
security on the topics/queues...

http://incubator.apache.org/activemq/security.html

On 10/3/06, jefetech <info@jefetech.com> wrote:
>
>
> My ajax chat client currently does not prevent a knowledgeable web developer
> from making an HTML form, anb posting to my MessageListener servlet with a
> correctly formatted message which will go to all users logged in.  Something
> like this:
>
> <form action="http://www.mydomainname.com/amq/?" method="POST">
> <input type="hidden" name="destination" value="topic://CHAT.MYTOPIC">
> <input type="hidden" name="type" value="send">
> <input type="hidden" name="message" value="<message type='chat'
> from='Webmaster'>Screw  all ya all</message>">
> <input type="submit" value="Do It"></form>
>
>
> Is there anyway to prevent this?  At minimum, maybe a check in the servlet
> for referring url.
>
>
>
> --
> View this message in context: http://www.nabble.com/Preventing-post-from-external-URLs-tf2374191.html#a6614621
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>


-- 

James
-------
http://radio.weblogs.com/0112098/

Mime
View raw message