You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Vadzim (Jira)" <ji...@apache.org> on 2022/09/08 13:12:00 UTC

[jira] [Updated] (ARTEMIS-3974) Security issue with tempory queues

     [ https://issues.apache.org/jira/browse/ARTEMIS-3974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vadzim updated ARTEMIS-3974:
----------------------------
    Description: 
Hi, looks like there is serious issue with administrating temporary queues.
There is no way to limit clients for creating\reading tmp queues.
On one hand server has no ability to set limitation per user basis,
On other hand Artemis JMS client create UUID named generic queue.

I wonder will it be OK to add configurable tmp queue prefix for the JMS Client?
Will it work on server side?
Will you accept a code for  Artemis JMS Client that handles  tmp queue prefix?

The code to see:
{code:java}
org.apache.activemq.artemis.jms.client.ActiveMQSession#createTemporaryQueue()
org.apache.activemq.artemis.jms.client.ActiveMQDestination#createTemporaryQueue(org.apache.activemq.artemis.jms.client.ActiveMQSession){code}
{code:object}
public static ActiveMQTemporaryQueue createTemporaryQueue(final ActiveMQSession session) {
   String address = UUID.randomUUID().toString();
// configurable prefix + address here
   return createTemporaryQueue(address, session);
}{code}
Thanks for the great product.

 

  was:
Hi, looks like there is serious issue with administrating temporary queues.
There is no way to limit clients for creating\reading tmp queues.
On one hand server has no ability to set limitation per user basis,
On other hand Artemis JMS client create UUID named generic queue.

I wonder will it be OK to add configurable tmp queue prefix for the JMS Client?
Will it work on server side?
Will you accept a code for  Artemis JMS Client that handles  tmp queue prefix?

The code to see:
{code:java}
org.apache.activemq.artemis.jms.client.ActiveMQSession#createTemporaryQueue()
org.apache.activemq.artemis.jms.client.ActiveMQDestination#createTemporaryQueue(org.apache.activemq.artemis.jms.client.ActiveMQSession){code}
{code:java}

String address = UUID.randomUUID().toString();
// configurable prefix + address here
return createTemporaryQueue(address, session);{code}

Thanks for the great product.

 


> Security issue with tempory queues
> ----------------------------------
>
>                 Key: ARTEMIS-3974
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3974
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Vadzim
>            Priority: Major
>
> Hi, looks like there is serious issue with administrating temporary queues.
> There is no way to limit clients for creating\reading tmp queues.
> On one hand server has no ability to set limitation per user basis,
> On other hand Artemis JMS client create UUID named generic queue.
> I wonder will it be OK to add configurable tmp queue prefix for the JMS Client?
> Will it work on server side?
> Will you accept a code for  Artemis JMS Client that handles  tmp queue prefix?
> The code to see:
> {code:java}
> org.apache.activemq.artemis.jms.client.ActiveMQSession#createTemporaryQueue()
> org.apache.activemq.artemis.jms.client.ActiveMQDestination#createTemporaryQueue(org.apache.activemq.artemis.jms.client.ActiveMQSession){code}
> {code:object}
> public static ActiveMQTemporaryQueue createTemporaryQueue(final ActiveMQSession session) {
>    String address = UUID.randomUUID().toString();
> // configurable prefix + address here
>    return createTemporaryQueue(address, session);
> }{code}
> Thanks for the great product.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)