qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <David...@ubs.com>
Subject RE: How to encrypt user password in connection url
Date Mon, 10 Dec 2012 22:09:07 GMT
Hi, Rajith, 

I know qpid supports ssl but in terms of the password in connection url
below, how? This is tied up with Synapse, which read the url, parse out
user name and password and tries to sign up with Synapse server. Maybe
you are talking about checking if Synapse supports SSL authentication &
Kerberos? 

connectionfactory.QueueConnectionFactory =
amqp://user:password@clientID/test?brokerlist=..&ssl="true"&.

David

-----Original Message-----
From: Rajith Attapattu [mailto:rajith77@gmail.com] 
Sent: Monday, December 10, 2012 4:25 PM
To: users@qpid.apache.org
Subject: Re: How to encrypt user password in connection url

David,

If you have security concerns, I think rather than trying to write a
custom JMS listener, it would probably be worthwhile looking at using a
more secure mechanism like SSL certificates or Kerberos.

Rajith

On Mon, Dec 10, 2012 at 3:25 PM,  <David.Hu@ubs.com> wrote:
> Hi, Phil,
>
> Got it. It seems that we need to write our own JMS listener, extending

> from the default one, org.apache.axis2.transport.jms.JMSListener .
>
> Thanks for the help.
> David
>
> -----Original Message-----
> From: philharveyonline@googlemail.com
> [mailto:philharveyonline@googlemail.com] On Behalf Of Phil Harvey
> Sent: Sunday, December 09, 2012 12:57 AM
> To: users@qpid.apache.org
> Subject: RE: How to encrypt user password in connection url
>
> Hi David,
>
> I was actually thinking containers such as WebSphere which allow JNDI 
> objects to be securely stored by an administrator. Sounds like that 
> might not be useful in your case though.
>
> I don't know the best way of securely storing the connection URL in 
> Synapse. Writing a custom JMSListener may be an option. You could try 
> asking for advice on the Synapse mailing list.
>
> Finally, note that Qpid does support client SSL authentication. This 
> may provide the level of security that you need. If you think this 
> might be useful we can help you set it up.
>
> Incidentally, which version of the Qpid client and broker are you
using?
>
> Phil
> On Dec 8, 2012 4:47 PM, <David.Hu@ubs.com> wrote:
>
>> Hi, Phil,
>>
>> Thanks for the info.
>>
>> We are trying to embed qpid in Synapse where qpid connection 
>> information is stored in a property file in the format like -
>>
>> connectionfactory.QueueConnectionFactory = 
>> amqp://user:password@clientID/test?brokerlist=...
>>
>> So what you mean is that we need to create customized listener to 
>> read
>
>> the property file and decrypt the password where the password can be 
>> encrypted?
>>
>> It seems out of the box in Synapse, it uses 
>> org.apache.axis2.transport.jms.JMSListener and there is no such an 
>> option.
>>
>> Thanks,
>> David
>>
>>
>>
>> -----Original Message-----
>> From: philharveyonline@googlemail.com 
>> [mailto:philharveyonline@googlemail.com] On Behalf Of Phil Harvey
>> Sent: Saturday, December 08, 2012 2:11 AM
>> To: users@qpid.apache.org
>> Subject: Re: How to encrypt user password in connection url
>>
>> Hi David,
>>
>> I assume you're talking about encrypting the stored URL string, and 
>> not about encrypting the details sent over the wire to the broker.  I

>> think the only way to do this is to store it in a secure JNDI 
>> context,
> e.g.
>> one provided by a Java application server.  This is in line with the 
>> approach commonly taken for making JDBC connections from JEE apps.
>>
>> Phil
>>
>>
>> On 8 December 2012 00:27, <David.Hu@ubs.com> wrote:
>>
>> > **
>> > Hi, Guys,
>> >
>> > Is there a way to encrypt password in the connection URL below?
>> >
>> > amqp://[<user>:<pass>@][<clientid>]<virtualhost>[..]
>> >
>> > David
>> >
>> > Visit our website at http://www.ubs.com
>> >
>> > This message contains confidential information and is intended only

>> > for the individual named.  If you are not the named addressee you 
>> > should not disseminate, distribute or copy this e-mail.  Please 
>> > notify
>>
>> > the sender immediately by e-mail if you have received this e-mail 
>> > by
>
>> > mistake and delete this e-mail from your system.
>> >
>> > E-mails are not encrypted and cannot be guaranteed to be secure or 
>> > error-free as information could be intercepted, corrupted, lost, 
>> > destroyed, arrive late or incomplete, or contain viruses.  The 
>> > sender therefore does not accept liability for any errors or 
>> > omissions in the
>>
>> > contents of this message which arise as a result of e-mail
>> transmission.
>> > If verification is required please request a hard-copy version.
>> > This message is provided for informational purposes and should not 
>> > be construed as a solicitation or offer to buy or sell any 
>> > securities or related financial instruments.
>> >
>> >
>> > UBS reserves the right to retain all messages. Messages are 
>> > protected and accessed only in legally justified cases.
>> >
>> >
>> > -------------------------------------------------------------------
>> > -
>> > - To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For 
>> > additional commands, e-mail: users-help@qpid.apache.org
>> >
>> Visit our website at http://www.ubs.com
>>
>> This message contains confidential information and is intended only 
>> for the individual named.  If you are not the named addressee you 
>> should not disseminate, distribute or copy this e-mail.  Please 
>> notify
>
>> the sender immediately by e-mail if you have received this e-mail by 
>> mistake and delete this e-mail from your system.
>>
>> E-mails are not encrypted and cannot be guaranteed to be secure or 
>> error-free as information could be intercepted, corrupted, lost, 
>> destroyed, arrive late or incomplete, or contain viruses.  The sender

>> therefore does not accept liability for any errors or omissions in 
>> the
>
>> contents of this message which arise as a result of e-mail
> transmission.
>> If verification is required please request a hard-copy version.  This

>> message is provided for informational purposes and should not be 
>> construed as a solicitation or offer to buy or sell any securities or

>> related financial instruments.
>>
>>
>> UBS reserves the right to retain all messages. Messages are protected

>> and accessed only in legally justified cases.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For 
>> additional commands, e-mail: users-help@qpid.apache.org
>>
>>
> Visit our website at http://www.ubs.com
>
> This message contains confidential information and is intended only 
> for the individual named.  If you are not the named addressee you 
> should not disseminate, distribute or copy this e-mail.  Please notify

> the sender immediately by e-mail if you have received this e-mail by 
> mistake and delete this e-mail from your system.
>
> E-mails are not encrypted and cannot be guaranteed to be secure or 
> error-free as information could be intercepted, corrupted, lost, 
> destroyed, arrive late or incomplete, or contain viruses.  The sender 
> therefore does not accept liability for any errors or omissions in the

> contents of this message which arise as a result of e-mail
transmission.
> If verification is required please request a hard-copy version.  This 
> message is provided for informational purposes and should not be 
> construed as a solicitation or offer to buy or sell any securities or 
> related financial instruments.
>
>
> UBS reserves the right to retain all messages. Messages are protected 
> and accessed only in legally justified cases.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For 
> additional commands, e-mail: users-help@qpid.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional
commands, e-mail: users-help@qpid.apache.org

Visit our website at http://www.ubs.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.
	
E-mails are not encrypted and cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or contain viruses.  The sender 
therefore does not accept liability for any errors or omissions in the 
contents of this message which arise as a result of e-mail transmission.  
If verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities 
or related financial instruments.

 
UBS reserves the right to retain all messages. Messages are protected
and accessed only in legally justified cases.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message