Just wondering - considering where a number of committers work. Why not leverage hawt.io as a new console?
John On Thu, Sep 29, 2016 at 7:45 PM Jim Gomes <[email protected]> wrote: > Thanks for getting the discussion going again. You bring up some > interesting points. As stale as the console may be, I still find it > incredibly useful, and would hope that it will remain until a replacement > option is available. I have found moving to Apache Artemis to feel like > I'm moving backwards because there is no admin console for it. > > For those that may view it as a security risk, it is a simple matter to > disable it. If it were to be replaced, what would be some potential > replacements? Could the most vulnerable parts of it be removed while still > remaining useful? I mostly use it for knowing what clients are connected, > how many messages have been sent to destinations, and things like that. I > can't see how those limited functions would be difficult to keep, nor how > they could be a security issue. > > On Wed, Sep 28, 2016 at 8:18 AM Christopher Shannon < > [email protected]> wrote: > > > First, I know this topic was brought up back in January 2014 and there > were > > a lot of discussions about what to do about it and ultimately nothing > > happened. However, it has been nearly 3 years since the last time this > > subject was brought up and absolutely nothing has changed so I think it > is > > time to bring it up again and see what people's current opinions are. > > > > The Web Console is extremely out of date and since the last discussions > on > > the subject is still completely un-maintained. It is buggy and has had > > many security vulnerabilities that keep popping up including several that > > have been reported over the past year. In the past 3 years no one has > > shown any interest in contributing fixes to the console to maintain it. > > Essentially no work has gone into the console except for security fixes. > > > > Also, I know there was talk about moving it into a sub project however I > > don't think that really solves anything. The code would just be moved > to a > > new location and still be un-maintained and full of potential security > > vulnerabilities. > > > > So my preference would be just to EOL the console and remove it form > future > > versions. However, if there are people who really still want to keep it > > then at the very least I think it should go into a sub project along with > > some sort of warning that says it is deprecated and to use at your own > > risk, etc. > > > > Thoughts? > > >
