Alex Rudyy created QPID-7806:
--------------------------------
Summary: [Java Broker] [AMQP 1.0] Slow connection ticker should be
running until OPEN performative is received
Key: QPID-7806
URL: https://issues.apache.org/jira/browse/QPID-7806
Project: Qpid
Issue Type: Improvement
Components: Java Broker
Affects Versions: qpid-java-broker-7.0.0
Reporter: Alex Rudyy
Slow connection ticker is running until one of the following condition is true:
* authenticated subject is set on a connection
* timeout expires
In AMQP 1.0 connection the subject is set on finishing SASL negotiation before
receiving AMQP header and OPEN performative. If client will not send AMQP
header or/and OPEN performative (or sending of them will take unreasonably long
of time) due to bug or malicious intention, the Broker might end up with not
fully established connections consuming system resources. We need to protect
Broker and run Slow connection ticker on AMQP 1.0 until OPEN is received and
idle timeout is negotiated.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
