John, you'd have to search the archives but if you look at the history Hawt.io was brought in as the console but backed out. I think there was disagreement about having a RH product as part of the distribution or something like that with branding. This was before my time contributing so someone who was involved with the discussions back then can probably chime in. I know there was quite a large discussion on the issue.
I do agree with Jim that having a console is useful but I would prefer to have something 3rd party as a console whether that is Hawt.io or something else. I personally would love to just use Hawt.io and I think it is a good product (and I don't work for RH). However even if we don't bundle Hawt.io with ActiveMQ users can still use it, they just have to install it separate. Ultimately just don't think we should be in the business of trying to provide a web console (or any software for that matter) if we aren't going to provide any support for it as it will just stay buggy and vulnerable to exploits. This also brings up another point...I suppose we should look into some sort of web console support for Artemis as well (ie writing a plugin for Hawt.io, etc) On Thu, Sep 29, 2016 at 9:47 PM, John D. Ament <[email protected]> wrote: > Just wondering - considering where a number of committers work. Why not > leverage hawt.io as a new console? > > John > > On Thu, Sep 29, 2016 at 7:45 PM Jim Gomes <[email protected]> wrote: > > > Thanks for getting the discussion going again. You bring up some > > interesting points. As stale as the console may be, I still find it > > incredibly useful, and would hope that it will remain until a replacement > > option is available. I have found moving to Apache Artemis to feel like > > I'm moving backwards because there is no admin console for it. > > > > For those that may view it as a security risk, it is a simple matter to > > disable it. If it were to be replaced, what would be some potential > > replacements? Could the most vulnerable parts of it be removed while > still > > remaining useful? I mostly use it for knowing what clients are > connected, > > how many messages have been sent to destinations, and things like that. I > > can't see how those limited functions would be difficult to keep, nor how > > they could be a security issue. > > > > On Wed, Sep 28, 2016 at 8:18 AM Christopher Shannon < > > [email protected]> wrote: > > > > > First, I know this topic was brought up back in January 2014 and there > > were > > > a lot of discussions about what to do about it and ultimately nothing > > > happened. However, it has been nearly 3 years since the last time this > > > subject was brought up and absolutely nothing has changed so I think it > > is > > > time to bring it up again and see what people's current opinions are. > > > > > > The Web Console is extremely out of date and since the last discussions > > on > > > the subject is still completely un-maintained. It is buggy and has had > > > many security vulnerabilities that keep popping up including several > that > > > have been reported over the past year. In the past 3 years no one has > > > shown any interest in contributing fixes to the console to maintain it. > > > Essentially no work has gone into the console except for security > fixes. > > > > > > Also, I know there was talk about moving it into a sub project however > I > > > don't think that really solves anything. The code would just be moved > > to a > > > new location and still be un-maintained and full of potential security > > > vulnerabilities. > > > > > > So my preference would be just to EOL the console and remove it form > > future > > > versions. However, if there are people who really still want to keep it > > > then at the very least I think it should go into a sub project along > with > > > some sort of warning that says it is deprecated and to use at your own > > > risk, etc. > > > > > > Thoughts? > > > > > >
