Posted to dev@activemq.apache.org by "Rob (JIRA)" <ji...@apache.org> on 2010/02/05 16:40:32 UTC

[jira] Commented: (AMQ-2591) The ability to disable wildcards on a topic.

    [ https://issues.apache.org/activemq/browse/AMQ-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=57404#action_57404 ] 

Rob commented on AMQ-2591:
--------------------------

I think the heart of the issue here is that security can be tricky with ActiveMQ (at least as far as locking down queues).

The idea for easy security was to use the browser session id as the queue name... like "A653D78C432AEEC38D142ACCD2703BAF.queue"

If the connection to the server was in SSL... there would be a very low risk of man-in-the-middle attacks. Then to get your private messages you would just subscribe up to this session id queue name. Since it is very unlikely anyone could guess your session id... it would be very unlikely that anyone could guess your queue name. The idea would be that unless they knew your session id... they would have no idea which queue to subscribe to to eavesdrop on your messages. Along with this... we look at write only queues or topics for the server to listen to. That way people can publish messages upstream with their session id attached... however nobody but the server could read them.

The point was brought up however... that AMQ lets you wildcard subscriptions. In this case... they could listen to all queues and would have no trouble finding your "private" queue.

I think the general hope is for a way to make a queue private without having to have an authentication mechanism for each individual user subscribing to queues. Our system for example has thousands of users all needing one private queue to receive "secret" messages on. It seems a little daunting to give each of these users unique passwords to access their queue.

If there was a way to stop wildcarding... are there other holes people see with this approach?

> The ability to disable wildcards on a topic.
> --------------------------------------------
>
>                 Key: AMQ-2591
>                 URL: https://issues.apache.org/activemq/browse/AMQ-2591
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker, JMS client
>    Affects Versions: 5.3.0
>         Environment: windows xp
>            Reporter: adam i
>
> I've been doing some work with the orbited project. http://orbited.org/ . This provides a web-based message consumer. The issue is since we have client side code calling a topic or queue they could easily just turn on the * and listen to everything. This is assuming of course we don't have security in place for each user. There are cases when someone would want to keep a topic private and in that case security can be used. There are also cases where you would want certain topics to be public. You don't want someone to do a topic/* and get all the messages from all the public topics. This feature would greatly enhance ActiveMQ's ability to work in the real time web.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
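
The wildcard problem discussed in this thread, as an added example that is not part of the original message or of ActiveMQ's code: a simplified model of ActiveMQ's `.`-separated destination wildcards (`*` for one element, `>` for the remainder) and a subscribe-time policy check. The `authorize_subscribe` function, its `trusted` flag, and the idea of running it in a gateway in front of the broker are assumptions made for illustration.

```python
import hmac

SEPARATOR = "."
ANY_ONE = "*"    # matches exactly one path element
ANY_REST = ">"   # matches everything from this element onward


def matches(pattern: str, destination: str) -> bool:
    """Simplified wildcard match: would `pattern` receive from `destination`?"""
    pat = pattern.split(SEPARATOR)
    dest = destination.split(SEPARATOR)
    for i, token in enumerate(pat):
        if token == ANY_REST:
            return True
        if i >= len(dest):
            return False
        if token != ANY_ONE and token != dest[i]:
            return False
    return len(pat) == len(dest)


def is_wildcard(name: str) -> bool:
    """True if any path element of the destination name is a wildcard token."""
    return any(tok in (ANY_ONE, ANY_REST) for tok in name.split(SEPARATOR))


def authorize_subscribe(requested: str, session_id: str, trusted: bool = False) -> bool:
    """Hypothetical policy: an untrusted client may subscribe only to the
    exact queue derived from its own session id, never to a wildcard."""
    if trusted:                      # e.g. the server-side consumer
        return True
    if is_wildcard(requested):
        return False
    expected = f"{session_id}.queue"
    # Constant-time compare so the check does not leak how much of a name matched.
    return hmac.compare_digest(requested.encode(), expected.encode())


# Session id taken from the message above; the second one is constructed.
SESSION = "A653D78C432AEEC38D142ACCD2703BAF"
OTHER = "0F1E2D3C4B5A69788796A5B4C3D2E1F0"
PRIVATE_QUEUE = f"{SESSION}.queue"

if __name__ == "__main__":
    for sub in (">", "*.queue", PRIVATE_QUEUE, f"{OTHER}.queue"):
        print(f"{sub!r:45} matches private queue: {matches(sub, PRIVATE_QUEUE)!s:5} "
              f"allowed for session owner: {authorize_subscribe(sub, SESSION)}")
```

Binding the subscription to the caller's own session is stricter than only disabling wildcards: it also rejects an exact-name request for another session's queue.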