Posted to dev@activemq.apache.org by Claus Ibsen <cl...@gmail.com> on 2012/10/22 14:05:23 UTC

[DISCUSS] - ActiveMQ out of the box - Should not include the demos

Hi

1)
If you run ActiveMQ out of the box, e.g. by bin/activemq from the binary
distribution, then it starts up with the demo applications.

I would suggest to let the out of the box startup be just the broker +
web console. If people would like to run the demo applications, then
they can run the broker by passing in a different broker configuration
file. I can't remember the exact command.

And we can document in the README.txt and user-guide-html how to do that.

One of the reasons is that, IMHO, the broker should out of the box
not expose demo applications, nor introduce any
vulnerabilities that the demo applications may impose on running a
broker. Also people would have to disable the demo applications
manually etc.


2)
The web console should require login like Apache Tomcat does.
Currently the web console does not have authentication enabled. I think we
should do like the Apache Tomcat manager web console, which requires end
users to enable this (in the users.properties file for Tomcat). We can
require people to do something similar for ActiveMQ.

Then the out of the box distro of AMQ is more secure, which IMHO is
better practice than what we have today.


Any thoughts?



-- 
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen

Re: [DISCUSS] - ActiveMQ out of the box - Should not include the demos

Posted by Hiram Chirino <hi...@hiramchirino.com>.
+1

I would even go a step further and say we should generate a securer
(unique) SSL key store for each broker instance and enable SSL by default.
That would require running a command to complete setup or to create a new
broker instance similar to how Apollo creates new broker instances.





-- 

Hiram Chirino
Engineering | Red Hat, Inc.
hchirino@redhat.com | fusesource.com | redhat.com
skype: hiramchirino | twitter: @hiramchirino <http://twitter.com/hiramchirino>
blog: Hiram Chirino's Bit Mojo <http://hiramchirino.com/blog/>

Re: [DISCUSS] - ActiveMQ out of the box - Should not include the demos

Posted by Claus Ibsen <cl...@gmail.com>.
Hi

I logged a ticket about this
https://issues.apache.org/jira/browse/AMQ-4124




-- 
Claus Ibsen