I thought we agreed to use Thrift over TLS for all BAM events? I don't see how we can avoid that - this is secure, sensitive data. I don't believe the overhead will be too bad.
There's a nice blog on it too :-) http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/

Paul

On 14 May 2012 14:06, Maninda Edirisooriya <[email protected]> wrote:

> Yes. Your point is clear. I will do it only with IP and port of the thrift
> server as you mentioned. But as we have talked off line there is a large
> security hole there. Due to performance requirements we cannot implement
> Thrift over a secure channel. A passive attacker can eavesdrop and an
> active attacker can modify the content transmitted to the Thrift server as
> the content is not encrypted or signed.
>
> On Fri, May 11, 2012 at 7:17 PM, Amila Suriarachchi <[email protected]> wrote:
>
>> On Fri, May 11, 2012 at 5:17 PM, Paul Fremantle <[email protected]> wrote:
>>
>>> Wouldn't it be better to have the username/password, connection
>>> properties stored elsewhere under a logical name (BAM Server) and the
>>> mediator config to choose:
>>> 1) which BAM server (i.e. which logical set, with a default)
>>> 2) what to log (e.g. just standard stuff - response time etc) or whole
>>> message or specific properties
>>>
>>> It doesn't seem right that I might add one BAM server and have to define
>>> the URL, uid/pw in every flow.
>>>
>>
>> +1. you can use the same concept we have used in CEP to define brokers
>> and refer them in the bucket configurations.
>>
>> In the configuration,
>>
>> there is an Agent server URL and another port. This communication
>> actually happens through thrift so you may not need a https address there.
>> I think the only thing you need to have is Agent Host and port.
>>
>> thanks,
>> Amila.
>>
>>> Paul
>>>
>>> On 11 May 2012 12:36, Tharindu Mathew <[email protected]> wrote:
>>>
>>>> Let's think about re-using the Activity Mediation BE as well... Someone
>>>> may prefer to configure this and re-use in the mediator.
>>>>
>>>> On Fri, May 11, 2012 at 12:41 PM, Maninda Edirisooriya <[email protected]> wrote:
>>>>
>>>>> Here it is. Properties are not shown here but expect to include that
>>>>> as a table as in the existing class mediator.
>>>>> Feedback is welcome.
>>>>>
>>>>> On Thu, May 10, 2012 at 9:43 PM, Tharindu Mathew <[email protected]> wrote:
>>>>>
>>>>>> Can you include a screen shot of how it looks through the Mediator UI?
>>>>>>
>>>>>> On Thu, May 10, 2012 at 7:23 PM, Maninda Edirisooriya <[email protected]> wrote:
>>>>>>
>>>>>>> I am implementing a built in mediator for ESB as mediation data
>>>>>>> agent for BAM. Already we have an existing class mediator for bam but
>>>>>>> this new BAM mediator will be a first class citizen in ESB which will
>>>>>>> enable the user to simply click and add the BAM mediator to the
>>>>>>> mediator sequence.
>>>>>>> At the moment we have added a sketch of the code to
>>>>>>> https://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/mediators/bam/.
>>>>>>> It is still not added to the main build. We have planned to add this to
>>>>>>> the build after reviewing the code.
>>>>>>> Basic architecture is given in
>>>>>>> https://docs.google.com/a/wso2.com/document/d/1axpgrWv1bLCT_B-2U567LAIJO2ydO9-ckitjAXmYG8Q/edit
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Architecture mailing list
>>>>>>> [email protected]
>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>>
>>>>>> Tharindu
>>>>>>
>>>>>> blog: http://mackiemathew.com/
>>>>>> M: +94777759908
>>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>
>>> --
>>> Paul Fremantle
>>> CTO and Co-Founder, WSO2
>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>>
>>> UK: +44 207 096 0336
>>> US: +1 646 595 7614
>>>
>>> blog: http://pzf.fremantle.org
>>> twitter.com/pzfreo
>>> [email protected]
>>>
>>> wso2.com Lean Enterprise Middleware
>>>
>>> Disclaimer: This communication may contain privileged or other
>>> confidential information and is intended exclusively for the addressee/s.
>>> If you are not the intended recipient/s, or believe that you may have
>>> received this communication in error, please reply to the sender indicating
>>> that fact and delete the copy you received and in addition, you should not
>>> print, copy, retransmit, disseminate, or otherwise use the information
>>> contained in this communication. Internet communications cannot be
>>> guaranteed to be timely, secure, error or virus-free. The sender does not
>>> accept liability for any errors or omissions.
>>>
>>
>> --
>> *Amila Suriarachchi*
>>
>> Software Architect
>> WSO2 Inc. ; http://wso2.com
>> lean . enterprise . middleware
>>
>> phone : +94 71 3082805
>>
>

--
Paul Fremantle
CTO and Co-Founder, WSO2
OASIS WS-RX TC Co-chair, VP, Apache Synapse
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
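
The Thrift-over-TLS setup argued for in this thread, sketched with Apache Thrift's Java `TSSLTransportFactory`; this is an added example, not code from the e-mails or from the WSO2 code base. The class name, method names, timeouts and key/trust store arguments are hypothetical, and the host name check assumes the factory does not enable endpoint identification on its own.

```java
import java.net.InetAddress;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TSocket;

/** Added example (hypothetical class): TLS transports for a Thrift event receiver and its agent. */
public final class SecureThriftTransports {

    private SecureThriftTransports() { }

    /** Receiver side: listen on a TLS server socket that presents the certificate in the key store. */
    public static TServerSocket receiverTransport(InetAddress bindAddress, int port,
            String keyStorePath, String keyStorePassword) throws Exception {
        TSSLTransportParameters params = new TSSLTransportParameters();
        params.setKeyStore(keyStorePath, keyStorePassword);
        int clientTimeoutMs = 30000; // constructed value: drop idle or stalled agents
        return TSSLTransportFactory.getServerSocket(port, clientTimeoutMs, bindAddress, params);
    }

    /** Agent side: connect over TLS, trusting only certificates that chain to the trust store. */
    public static TSocket agentTransport(String host, int port,
            String trustStorePath, String trustStorePassword) throws Exception {
        TSSLTransportParameters params = new TSSLTransportParameters();
        params.setTrustStore(trustStorePath, trustStorePassword);
        TSocket transport = TSSLTransportFactory.getClientSocket(host, port, 10000, params);

        // Assumption: the factory validates the certificate chain but leaves host name
        // checking off, so enable it before any event data is written to the socket.
        SSLSocket socket = (SSLSocket) transport.getSocket();
        SSLParameters ssl = socket.getSSLParameters();
        ssl.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(ssl);
        socket.startHandshake(); // fails here if the certificate or host name does not verify

        // The transport is already open: wrap it in a TProtocol for the generated client.
        return transport;
    }
}
```

With both ends built this way, the eavesdropping and modification risks raised in the quoted message are covered by the TLS record layer, and the agent configuration still needs only the receiver's host and port plus a trust store.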
