[
https://issues.apache.org/jira/browse/AMQ-5160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14001995#comment-14001995
]
Dhiraj Bokde commented on AMQ-5160:
-----------------------------------
Hi [~surfnerd],
Thanks for validating PR22. If you tested with PR24 that should be good, since
it includes commits from PR22. We could just as well apply PR24 directly to
ActiveMQ trunk. Also, are you testing Virtual Topics too, it is a pretty cool
feature I added. I've written a post about it at
http://rockablogbaby.blogspot.com/2014/05/scalable-iot-integration-using-apache.html
Regards,
Dhiraj.
> Wildcard subscriptions bypass Authentication / Authorization
> ------------------------------------------------------------
>
> Key: AMQ-5160
> URL: https://issues.apache.org/jira/browse/AMQ-5160
> Project: ActiveMQ
> Issue Type: Bug
> Components: MQTT
> Affects Versions: 5.9.1
> Reporter: Surf
> Priority: Critical
> Labels: authentication, authorization, mqtt, security
> Fix For: 5.10.0
>
> Attachments: activemq.xml, groups.properties, login.config,
> patch.txt, users.properties
>
>
> I am using MQTT on AMQ 5.9.1
> After latest MQTT hardening from [~dhirajsb] , there is an issue of MQTT
> retained messages.
> Simple case:
> Set Authentication / Authorization for two different TOPICS.
> Send retained message to one topic.
> Try to subscribe "#" with other second user.
> It will show retained messages published by TOPIC 1.
> here i have attached test configurations.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
