Good feedback. Opened some issues to track. Feel free to add more as they come to mind.
https://issues.apache.org/jira/browse/APLO-11 https://issues.apache.org/jira/browse/APLO-12 Regards, Hiram FuseSource Web: http://fusesource.com/ Connect at CamelOne May 24-26 The Open Source Integration Conference On Tue, May 17, 2011 at 2:14 AM, Lionel Cons <[email protected]> wrote: > Hiram, > > First of all, thanks for starting to document the management interface. I > hope you will add the missing bits (e.g. get/update apollo.xml, shutdown the > broker...) soon. > > Here are some security related comments. > > Since credentials will be given in clear to the management interface (HTTP > basic authentication), Apollo should support SSL encryption for it. > > The current authorization scheme (allow users defined in broker.admin to do > everything) is not fine grain enough. At minimum, there should be the > possibility to have two different accesses: read-only (only get information > without changing the broker state) and read-write (such as restarting the > broker, changing its configuration, deleting a queue...). Note that the > broker configuration is very sensitive since it may contain clear text > passwords (e.g. <key_storage>) and security settings (who is allowed to do > what). > > Maybe the management interface should have its own fine grain access control > (a bit like httpd) so that one can specify at the URL level who can do what? > > The management interface will probably be extended to include what the > ActiveMQ web console provides today. If this is the case, actions such as > browsing a queue, inspecting a message, sending a message, etc. should be > controlled by the same per destination ACLs used by the STOMP access. > > Cheers, > > Lionel >
