[jira] [Resolved] (AMQNET-415) Client with wrong credentials overloads server when using failover

Tue, 26 Feb 2013 14:14:14 -0800 

     [ 
https://issues.apache.org/jira/browse/AMQNET-415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jim Gomes resolved AMQNET-415.
------------------------------

    Resolution: Fixed
    
> Client with wrong credentials overloads server when using failover
> ------------------------------------------------------------------
>
>                 Key: AMQNET-415
>                 URL: https://issues.apache.org/jira/browse/AMQNET-415
>             Project: ActiveMQ .Net
>          Issue Type: Bug
>          Components: ActiveMQ, NMS
>    Affects Versions: 1.5.6
>         Environment: ActiveMQ Broker 5.6.0
>            Reporter: Jim Gomes
>            Assignee: Jim Gomes
>            Priority: Minor
>              Labels: authentication, failover
>             Fix For: 1.5.7
>
>
> If the ActiveMQ broker has been secured to enforce login credentials, the NMS 
> client will continually attempt to authenticate against it if it is using the 
> failover protocol.
> Steps to Reproduce:
> ----------------------
> 1. Configure the broker to require login credentials for connections.
> 2. Configure the NMS client to use failover mode.
> 3. Configure the NMS client with incorrect login credentials.
> 4. Attempt to connect the NMS client to the server.
> Results:
> ----------------------
> The client reattempts login continuously without backing off, and has a 
> significant impact on the performance of the server.
> Expected:
> ----------------------
> The client should not enter failover, because it never successfully 
> connected, and it would never expect to connect.
> Notes:
> ----------------------
> This was experienced using the OpenWire client, but a similar bug may exist 
> in the STOMP client's failover code.
> The broker may also want to protect itself against this, as this is an easy 
> attack vector for a DDoS.  Just a couple of clients attempting to login with 
> invalid credentials can dramatically impact the server's performance, not 
> just the broker.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to