activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ttmdev <joe.fernan...@ttmsolutions.com>
Subject Re: Security Issue
Date Thu, 20 Sep 2007 02:35:23 GMT

Out of the box, ActiveMQ provides a modest authentication service via the
simpleAuthenticationPlugin. See http://activemq.apache.org/security.html .
When enabled it will force the clients to provide a valid userid and passwd
in order to successfully connect with the broker. It won't prevent a DOS
attack, but at least it will keep just anyone from gaining access to the
broker.  


Ramsub wrote:
> 
> Is that activemq intended to be running within an enterprise firewall? My
> application is expected to run in a box which will be connected to
> internet. In this case, running the broker listening on tcp://localhost is
> risky because anyone out in the internet could potentially make DOS kind
> of attacks.
> 
> Is there a way we can restrict the broker to provide access only to
> certain trusted clients( like an ACL)? Or should I rely on the network to
> provide such a security.
> 
> Would appreciate a response from architects/experts.
> 
> Thanks,
> 
> -rama
> 
>  
> 

-- 
View this message in context: http://www.nabble.com/Security-Issue-tf4484529s2354.html#a12789837
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message