activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Samplonius <...@samplonius.org>
Subject Re: Security Issue
Date Thu, 20 Sep 2007 05:54:04 GMT

----- "ttmdev" <joe.fernandez@ttmsolutions.com> wrote:
> Out of the box, ActiveMQ provides a modest authentication service via
> the
> simpleAuthenticationPlugin. See
> http://activemq.apache.org/security.html .
> When enabled it will force the clients to provide a valid userid and
> passwd
> in order to successfully connect with the broker. It won't prevent a
> DOS
> attack, but at least it will keep just anyone from gaining access to
> the
> broker.  


  The simpleAuth plugin isn't the only option.  JAAS is available.  You can link to any JAAS
plugin.

  But beware, this does not work for the Stomp protocol.  You should switch Stomp off, or
patch it.  The Stomp connector in all released versions of ActiveMQ allows access with any
username and password to any queue.

  ActiveMQ opens up quite a number of interfaces.  Unfortunately, it does not ship in default
closed configuration, as I wish it did.

Tom

Mime
View raw message