ActiveMQ
  1. ActiveMQ
  2. AMQ-1985

ActiveMQ Security - grant privileges on ActiveMQ.Advisory.> by default

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 5.1.0
    • Fix Version/s: 5.x
    • Component/s: Broker, Documentation
    • Labels:
      None

      Description

      from http://activemq.apache.org/security.html - Note that full access rights should always be given to the ActiveMQ.Advisory destinations, else your client will receive an exception stating it does not have access rights to these series of destinations.

      <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>

      Can this be assumed behind the scenes? This was troubling as a new user adding security (especially before this was properly documented on Sept 15, 2008).

        Activity

        Clayton McCarl created issue -
        Clayton McCarl made changes -
        Field Original Value New Value
        Description from <a href="http://activemq.apache.org/security.html">http://activemq.apache.org/security.html&lt;/a> - Note that full access rights should always be given to the ActiveMQ.Advisory destinations, else your client will receive an exception stating it does not have access rights to these series of destinations.

        <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>

        Can this be assumed behind the scenes? This was troubling as a new user adding security (especially before this was properly documented on Sept 15, 2008).
        from http://activemq.apache.org/security.html - Note that full access rights should always be given to the ActiveMQ.Advisory destinations, else your client will receive an exception stating it does not have access rights to these series of destinations.

        <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>

        Can this be assumed behind the scenes? This was troubling as a new user adding security (especially before this was properly documented on Sept 15, 2008).
        Rob Davies made changes -
        Fix Version/s 5.4.1 [ 12332 ]
        Bruce Snyder made changes -
        Fix Version/s 5.4.1 [ 12332 ]
        Fix Version/s 5.5.0 [ 12344 ]
        Jeff Turner made changes -
        Project Import Fri Nov 26 22:32:02 EST 2010 [ 1290828722158 ]
        Dejan Bosanac made changes -
        Fix Version/s 5.5.0 [ 12315626 ]
        Fix Version/s 5.4.2 [ 12315625 ]
        Gary Tully made changes -
        Fix Version/s 5.6.0 [ 12316331 ]
        Fix Version/s 5.5.0 [ 12315626 ]
        Hide
        Timothy Bish added a comment -

        This is the intended behavior. Leaving the advisory message destinations open by default would create a security hole open to dos exploit through resource usage. Its important to understand the various options of the security scheme. Some additional documentation was added on this recently.

        Show
        Timothy Bish added a comment - This is the intended behavior. Leaving the advisory message destinations open by default would create a security hole open to dos exploit through resource usage. Its important to understand the various options of the security scheme. Some additional documentation was added on this recently.
        Timothy Bish made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Won't Fix [ 2 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Clayton McCarl
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development