qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phil Harvey <p...@philharveyonline.com>
Subject RE: How to encrypt user password in connection url
Date Sun, 09 Dec 2012 05:57:14 GMT
Hi David,

I was actually thinking containers such as WebSphere which allow JNDI
objects to be securely stored by an administrator. Sounds like that might
not be useful in your case though.

I don't know the best way of securely storing the connection URL in
Synapse. Writing a custom JMSListener may be an option. You could try
asking for advice on the Synapse mailing list.

Finally, note that Qpid does support client SSL authentication. This may
provide the level of security that you need. If you think this might be
useful we can help you set it up.

Incidentally, which version of the Qpid client and broker are you using?

Phil
On Dec 8, 2012 4:47 PM, <David.Hu@ubs.com> wrote:

> Hi, Phil,
>
> Thanks for the info.
>
> We are trying to embed qpid in Synapse where qpid connection information
> is stored in a property file in the format like -
>
> connectionfactory.QueueConnectionFactory =
> amqp://user:password@clientID/test?brokerlist=...
>
> So what you mean is that we need to create customized listener to read
> the property file and decrypt the password where the password can be
> encrypted?
>
> It seems out of the box in Synapse, it uses
> org.apache.axis2.transport.jms.JMSListener and there is no such an
> option.
>
> Thanks,
> David
>
>
>
> -----Original Message-----
> From: philharveyonline@googlemail.com
> [mailto:philharveyonline@googlemail.com] On Behalf Of Phil Harvey
> Sent: Saturday, December 08, 2012 2:11 AM
> To: users@qpid.apache.org
> Subject: Re: How to encrypt user password in connection url
>
> Hi David,
>
> I assume you're talking about encrypting the stored URL string, and not
> about encrypting the details sent over the wire to the broker.  I think
> the only way to do this is to store it in a secure JNDI context, e.g.
> one provided by a Java application server.  This is in line with the
> approach commonly taken for making JDBC connections from JEE apps.
>
> Phil
>
>
> On 8 December 2012 00:27, <David.Hu@ubs.com> wrote:
>
> > **
> > Hi, Guys,
> >
> > Is there a way to encrypt password in the connection URL below?
> >
> > amqp://[<user>:<pass>@][<clientid>]<virtualhost>[..]
> >
> > David
> >
> > Visit our website at http://www.ubs.com
> >
> > This message contains confidential information and is intended only
> > for the individual named.  If you are not the named addressee you
> > should not disseminate, distribute or copy this e-mail.  Please notify
>
> > the sender immediately by e-mail if you have received this e-mail by
> > mistake and delete this e-mail from your system.
> >
> > E-mails are not encrypted and cannot be guaranteed to be secure or
> > error-free as information could be intercepted, corrupted, lost,
> > destroyed, arrive late or incomplete, or contain viruses.  The sender
> > therefore does not accept liability for any errors or omissions in the
>
> > contents of this message which arise as a result of e-mail
> transmission.
> > If verification is required please request a hard-copy version.  This
> > message is provided for informational purposes and should not be
> > construed as a solicitation or offer to buy or sell any securities or
> > related financial instruments.
> >
> >
> > UBS reserves the right to retain all messages. Messages are protected
> > and accessed only in legally justified cases.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
> > additional commands, e-mail: users-help@qpid.apache.org
> >
> Visit our website at http://www.ubs.com
>
> This message contains confidential information and is intended only
> for the individual named.  If you are not the named addressee you
> should not disseminate, distribute or copy this e-mail.  Please
> notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete this e-mail from your system.
>
> E-mails are not encrypted and cannot be guaranteed to be secure or
> error-free as information could be intercepted, corrupted, lost,
> destroyed, arrive late or incomplete, or contain viruses.  The sender
> therefore does not accept liability for any errors or omissions in the
> contents of this message which arise as a result of e-mail transmission.
> If verification is required please request a hard-copy version.  This
> message is provided for informational purposes and should not be
> construed as a solicitation or offer to buy or sell any securities
> or related financial instruments.
>
>
> UBS reserves the right to retain all messages. Messages are protected
> and accessed only in legally justified cases.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message