You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Vadzim (Jira)" <ji...@apache.org> on 2022/09/08 13:10:00 UTC

[jira] [Created] (ARTEMIS-3974) Security issue with tempory queues

Vadzim created ARTEMIS-3974:
-------------------------------

             Summary: Security issue with tempory queues
                 Key: ARTEMIS-3974
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3974
             Project: ActiveMQ Artemis
          Issue Type: Bug
            Reporter: Vadzim


Hi, looks like there is serious issue with administrating temporary queues.
There is no way to limit clients for creating\reading tmp queues.
On one hand server has no ability to set limitation per user basis,
On other hand Artemis JMS client create UUID named generic queue.

I wonder will it be OK to add configurable tmp queue prefix for the JMS Client?
Will it work on server side?
Will you accept a code for  Artemis JMS Client that handles  tmp queue prefix?

The code to see:
{code:java}
org.apache.activemq.artemis.jms.client.ActiveMQSession#createTemporaryQueue()
org.apache.activemq.artemis.jms.client.ActiveMQDestination#createTemporaryQueue(org.apache.activemq.artemis.jms.client.ActiveMQSession){code}
{code:java}

String address = UUID.randomUUID().toString();
// configurable prefix + address here
return createTemporaryQueue(address, session);{code}

Thanks for the great product.

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)