[
https://issues.apache.org/jira/browse/QPID-6491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14492341#comment-14492341
]
Ted Ross commented on QPID-6491:
--------------------------------
The route-map feature is intended for situations where all of the brokers in
the federation are owned by the same organization. As such, I think your patch
is an improvement and should be merged into trunk.
In cases where different brokers have different owners (and different access
credentials), route-map should be (already is) prevented from reaching into
that part of the network. Of course, if the brokers are open to ANONYMOUS
access, then anyone can read that information.
The idea of getting credentials from QMF is a bad one as the security
implications are numerous.
> qpid-route map does not use any authentication when querying other brokers
> --------------------------------------------------------------------------
>
> Key: QPID-6491
> URL: https://issues.apache.org/jira/browse/QPID-6491
> Project: Qpid
> Issue Type: Bug
> Components: Python Tools
> Affects Versions: 0.30
> Reporter: Pavel Moravec
> Priority: Minor
> Attachments: QPID-6491.patch
>
>
> "qpid-route route map" during generating the federation topology connects to
> each and every broker in the federation to query it's federation peers. All
> such connections (except for the very first broker) are made as anonymous
> user only.
> It is requested the tool passes username, password and optionally also
> --client-sasl-mechanism parameter to all other brokers as well.
> (another option to this would be the tool gets the credentials info from the
> broker, but currently QMF response to links does not contain such info. This
> option would need much more code change also on broker side)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
