Hi Aleski,
inlined:
On 21 Apr 2006, at 11:18, Aleksi Kallio wrote:
I went through the ActiveMQ 4.0 RC2 code, checking how temporary
topics are implemented. They seem to be regular topics, with
generated pseudo-random topic names. Names are created by
concatenating the connection identifier and a counter number. Is
this correct?
Yes - this is correct!
Is there a possibility of name-clashes between two clients? Or does
the connection identifier take care of this?
A connection has to have a unique id - see below
How hard it is to wiretap a temporary topic? If I understood
correctly, broker does not dispatch messages to clients not
listening to given topic. So wiretapping requires knowing/guessing
temp topic names, correct?
It's not hard to wire tap any destination to be honest. You can
simply subscribe to any topic/queue using a wilcard - e.g. ">".
However - this is where security comes in. If you configure security
- see: http://www.activemq.org/Security - then you can restrict users
to what they can listen to.
I'm a bit worried on this because incremental counter is used to
generate topic names. Guessing the name of a temp topic created by
another client is quite easy. Why a cryptographically strong pseudo
random number is not used instead? In Java they can be obtained
very easily by using java.util.UUID.
The uniqueness comes from the connectionId - which is globally unique
= using a similar algorithm to java.util.UUID. BTW - activemq has to
be Java 1.4 compatible (J2EE 1.4) - so we can't use java.util.UUID
directly.
cheers.
Rob
