Posted to dev@activemq.apache.org by "Timothy Bish (Commented) (JIRA)" <ji...@apache.org> on 2012/03/02 23:23:59 UTC

[jira] [Commented] (AMQ-1985) ActiveMQ Security - grant privileges on ActiveMQ.Advisory.> by default

    [ https://issues.apache.org/jira/browse/AMQ-1985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13221308#comment-13221308 ] 

Timothy Bish commented on AMQ-1985:
-----------------------------------

This is the intended behavior.  Leaving the advisory message destinations open by default would create a security hole open to DoS exploit through resource usage.  It's important to understand the various options of the security scheme.  Some additional documentation was added on this recently.
                
> ActiveMQ Security - grant privileges on ActiveMQ.Advisory.> by default
> ----------------------------------------------------------------------
>
>                 Key: AMQ-1985
>                 URL: https://issues.apache.org/jira/browse/AMQ-1985
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker, Documentation
>    Affects Versions: 5.1.0
>            Reporter: Clayton McCarl
>            Priority: Minor
>             Fix For: 5.x
>
>
> from http://activemq.apache.org/security.html - Note that full access rights should always be given to the ActiveMQ.Advisory destinations, else your client will receive an exception stating it does not have access rights to these series of destinations.
> <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
> Can this be assumed behind the scenes?  This was troubling as a new user adding security (especially before this was properly documented on Sept 15, 2008).
