qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajith Attapattu <rajit...@gmail.com>
Subject Re: How to encrypt user password in connection url
Date Mon, 10 Dec 2012 21:25:25 GMT
David,

If you have security concerns, I think rather than trying to write a
custom JMS listener, it would probably be worthwhile looking at using
a more secure mechanism like SSL certificates or Kerberos.

Rajith

On Mon, Dec 10, 2012 at 3:25 PM,  <David.Hu@ubs.com> wrote:
> Hi, Phil,
>
> Got it. It seems that we need to write our own JMS listener, extending
> from the default one, org.apache.axis2.transport.jms.JMSListener .
>
> Thanks for the help.
> David
>
> -----Original Message-----
> From: philharveyonline@googlemail.com
> [mailto:philharveyonline@googlemail.com] On Behalf Of Phil Harvey
> Sent: Sunday, December 09, 2012 12:57 AM
> To: users@qpid.apache.org
> Subject: RE: How to encrypt user password in connection url
>
> Hi David,
>
> I was actually thinking containers such as WebSphere which allow JNDI
> objects to be securely stored by an administrator. Sounds like that
> might not be useful in your case though.
>
> I don't know the best way of securely storing the connection URL in
> Synapse. Writing a custom JMSListener may be an option. You could try
> asking for advice on the Synapse mailing list.
>
> Finally, note that Qpid does support client SSL authentication. This may
> provide the level of security that you need. If you think this might be
> useful we can help you set it up.
>
> Incidentally, which version of the Qpid client and broker are you using?
>
> Phil
> On Dec 8, 2012 4:47 PM, <David.Hu@ubs.com> wrote:
>
>> Hi, Phil,
>>
>> Thanks for the info.
>>
>> We are trying to embed qpid in Synapse where qpid connection
>> information is stored in a property file in the format like -
>>
>> connectionfactory.QueueConnectionFactory =
>> amqp://user:password@clientID/test?brokerlist=...
>>
>> So what you mean is that we need to create customized listener to read
>
>> the property file and decrypt the password where the password can be
>> encrypted?
>>
>> It seems out of the box in Synapse, it uses
>> org.apache.axis2.transport.jms.JMSListener and there is no such an
>> option.
>>
>> Thanks,
>> David
>>
>>
>>
>> -----Original Message-----
>> From: philharveyonline@googlemail.com
>> [mailto:philharveyonline@googlemail.com] On Behalf Of Phil Harvey
>> Sent: Saturday, December 08, 2012 2:11 AM
>> To: users@qpid.apache.org
>> Subject: Re: How to encrypt user password in connection url
>>
>> Hi David,
>>
>> I assume you're talking about encrypting the stored URL string, and
>> not about encrypting the details sent over the wire to the broker.  I
>> think the only way to do this is to store it in a secure JNDI context,
> e.g.
>> one provided by a Java application server.  This is in line with the
>> approach commonly taken for making JDBC connections from JEE apps.
>>
>> Phil
>>
>>
>> On 8 December 2012 00:27, <David.Hu@ubs.com> wrote:
>>
>> > **
>> > Hi, Guys,
>> >
>> > Is there a way to encrypt password in the connection URL below?
>> >
>> > amqp://[<user>:<pass>@][<clientid>]<virtualhost>[..]
>> >
>> > David
>> >
>> > Visit our website at http://www.ubs.com
>> >
>> > This message contains confidential information and is intended only
>> > for the individual named.  If you are not the named addressee you
>> > should not disseminate, distribute or copy this e-mail.  Please
>> > notify
>>
>> > the sender immediately by e-mail if you have received this e-mail by
>
>> > mistake and delete this e-mail from your system.
>> >
>> > E-mails are not encrypted and cannot be guaranteed to be secure or
>> > error-free as information could be intercepted, corrupted, lost,
>> > destroyed, arrive late or incomplete, or contain viruses.  The
>> > sender therefore does not accept liability for any errors or
>> > omissions in the
>>
>> > contents of this message which arise as a result of e-mail
>> transmission.
>> > If verification is required please request a hard-copy version.
>> > This message is provided for informational purposes and should not
>> > be construed as a solicitation or offer to buy or sell any
>> > securities or related financial instruments.
>> >
>> >
>> > UBS reserves the right to retain all messages. Messages are
>> > protected and accessed only in legally justified cases.
>> >
>> >
>> > --------------------------------------------------------------------
>> > - To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
>> > additional commands, e-mail: users-help@qpid.apache.org
>> >
>> Visit our website at http://www.ubs.com
>>
>> This message contains confidential information and is intended only
>> for the individual named.  If you are not the named addressee you
>> should not disseminate, distribute or copy this e-mail.  Please notify
>
>> the sender immediately by e-mail if you have received this e-mail by
>> mistake and delete this e-mail from your system.
>>
>> E-mails are not encrypted and cannot be guaranteed to be secure or
>> error-free as information could be intercepted, corrupted, lost,
>> destroyed, arrive late or incomplete, or contain viruses.  The sender
>> therefore does not accept liability for any errors or omissions in the
>
>> contents of this message which arise as a result of e-mail
> transmission.
>> If verification is required please request a hard-copy version.  This
>> message is provided for informational purposes and should not be
>> construed as a solicitation or offer to buy or sell any securities or
>> related financial instruments.
>>
>>
>> UBS reserves the right to retain all messages. Messages are protected
>> and accessed only in legally justified cases.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
>> additional commands, e-mail: users-help@qpid.apache.org
>>
>>
> Visit our website at http://www.ubs.com
>
> This message contains confidential information and is intended only
> for the individual named.  If you are not the named addressee you
> should not disseminate, distribute or copy this e-mail.  Please
> notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete this e-mail from your system.
>
> E-mails are not encrypted and cannot be guaranteed to be secure or
> error-free as information could be intercepted, corrupted, lost,
> destroyed, arrive late or incomplete, or contain viruses.  The sender
> therefore does not accept liability for any errors or omissions in the
> contents of this message which arise as a result of e-mail transmission.
> If verification is required please request a hard-copy version.  This
> message is provided for informational purposes and should not be
> construed as a solicitation or offer to buy or sell any securities
> or related financial instruments.
>
>
> UBS reserves the right to retain all messages. Messages are protected
> and accessed only in legally justified cases.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message