+1. I would even go a step further and say we should generate a securer (unique) SSL key store for each broker instance and enable SSL by default. That would require running a command to complete setup or to create a new broker instance, similar to how Apollo creates new broker instances.

On Mon, Oct 22, 2012 at 8:05 AM, Claus Ibsen <[email protected]> wrote:
> Hi
>
> 1)
> If you run ActiveMQ out of the box, e.g. by bin/activemq from the binary
> distribution, then it starts up with the demo applications.
>
> I would suggest to let the out of the box startup be just the broker +
> web console. If people would like to run the demo applications, then
> they can run the broker by passing in a different broker configuration
> file. I can't remember the exact command.
>
> And we can document in the README.txt and user-guide-html how to do that.
>
> One of the reasons is the fact IMHO the broker should out of the box
> not expose demo applications, and as well introduce any
> vulnerabilities that the demo applications may impose on running a
> broker. Also people would have to disable the demo applications
> manually etc.
>
>
> 2)
> The web console should require login like Apache Tomcat does.
> Currently the web console has no authentication enabled. I think we
> should do like Apache Tomcat manager web console, that requires end
> users to enable this (in the users.properties file for Tomcat). We can
> require people to do something similar for ActiveMQ.
>
> Then the out of the box distro of AMQ is more secure, which IMHO is
> better practice than what we have today.
>
>
> Any thoughts?
>
>
>
> --
> Claus Ibsen
> -----------------
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Email: [email protected]
> Web: http://fusesource.com
> Twitter: davsclaus
> Blog: http://davsclaus.com
> Author of Camel in Action: http://www.manning.com/ibsen
>

--
Hiram Chirino
Engineering | Red Hat, Inc.
[email protected] | fusesource.com | redhat.com
skype: hiramchirino | twitter: @hiramchirino <http://twitter.com/hiramchirino>
blog: Hiram Chirino's Bit Mojo <http://hiramchirino.com/blog/>
