[prev in list] [next in list] [prev in thread] [next in thread]
List: openjms-developer
Subject: RE: [openjms-developer] OpenJms and Security
From: "Tim Anderson" <tma () netspace ! net ! au>
Date: 2003-07-22 15:52:03
[Download RAW message or body]
Cool! I've only had a quick glance but it looks promising.
Given the minimal schema changes, this could go into the 0.7.6 release.
We'd need to provide SQL scripts to add the new table and index, and update
the schema version no.
At this stage, I'm not too concerned about username and password being
transferred in plaintext, as the tcps or https connectors can be used if
this is an issue. However, it shouldn't be difficult to plugin encryption.
JDBM support is not required, as its being dropped post 0.7.6.
I'll have an in depth look at it tomorrow.
Regards,
Tim
-----Original Message-----
From: openjms-developer-admin@lists.sourceforge.net
[mailto:openjms-developer-admin@lists.sourceforge.net]On Behalf Of Knut at
work
Sent: Wednesday, 23 July 2003 4:10 AM
To: openjms-developer@lists.sourceforge.net
Subject: [openjms-developer] OpenJms and Security
Hello!
I have developed a solution for authentication of users in OpenJMS.
This is just a very first 'shot' and I would be pleased if any of you guys
who knows the code would be so kind to have a look. I have only studied the
source for a couple of days so maybe ive choosed some stupid solutions :-)
Limitations:
-By the time only authentication of user/password, nothing for Acl against
Queue/Topic.
-username/password are beeing transferd from client to server in plaintext
-Only implemented for the TCP-connector
-Only impl. for RDBMS and tested against MySql
The source is taken from the openjms-0.7.5-src.
Howto:
unpack openjms-0.7.5-src.zip
Unpack the src.zip to ../main/.. in openjms-0.7.5-src catalog
Unpack the config.zip to ../config in openjms-0.7.5-src catalog
and build.
Add suitable drivers for the DB
and run.
openjms.xml
-------------------
if you set <SecurityConfiguration enableSecurity="false"/> openjms should
behave ex. as before (i hope....)
Knut
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1170" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff size=2>Cool!
I've only had a quick glance but it looks promising.</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff size=2>Given
the minimal schema changes, this could go into the 0.7.6
release.</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff size=2>We'd
need to provide SQL scripts to add the new table and index, and
update</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff size=2>the
schema version no.</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff size=2>At
this stage, I'm not too concerned about username and password
being</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2>transferred in plaintext, as the tcps or https connectors can
be used if</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff size=2>this
is an issue. However, it shouldn't be difficult to plugin
encryption.</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff size=2>JDBM
support is not required, as its being dropped post 0.7.6.</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff size=2>I'll
have an in depth look at it tomorrow.</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2>Regards,</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2>Tim</FONT></SPAN></DIV>
<DIV><SPAN class=042173615-22072003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
openjms-developer-admin@lists.sourceforge.net
[mailto:openjms-developer-admin@lists.sourceforge.net]<B>On Behalf Of </B>Knut
at work<BR><B>Sent:</B> Wednesday, 23 July 2003 4:10 AM<BR><B>To:</B>
openjms-developer@lists.sourceforge.net<BR><B>Subject:</B> [openjms-developer]
OpenJms and Security<BR><BR></FONT></DIV>
<DIV><FONT face=Arial size=2>Hello!</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I have developed a solution for authentication of
users in OpenJMS.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>This is just a very first 'shot' and I would
be pleased if any of you guys who knows the code would be so kind to have a
look. I have only studied the source for a couple of days so maybe ive choosed
some stupid solutions :-)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Limitations:</FONT></DIV>
<DIV><FONT face=Arial size=2>-By the time only authentication of
user/password, nothing for Acl against Queue/Topic.</FONT></DIV>
<DIV><FONT face=Arial size=2>-username/password are beeing transferd from
client to server in plaintext</FONT></DIV>
<DIV><FONT face=Arial size=2>-Only implemented for the
TCP-connector</FONT></DIV>
<DIV><FONT face=Arial size=2>-Only impl. for RDBMS and tested against
MySql</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The source is taken from the
openjms-0.7.5-src.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Howto:</FONT></DIV>
<DIV><FONT face=Arial size=2>unpack openjms-0.7.5-src.zip</FONT></DIV>
<DIV><FONT face=Arial size=2>Unpack the src.zip to ../main/.. in
openjms-0.7.5-src catalog</FONT></DIV>
<DIV><FONT face=Arial size=2>Unpack the config.zip to ../config in
openjms-0.7.5-src catalog</FONT></DIV>
<DIV><FONT face=Arial size=2>and build.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Add suitable drivers for the DB</FONT></DIV>
<DIV><FONT face=Arial size=2>and run.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>openjms.xml</FONT></DIV>
<DIV><FONT face=Arial size=2>-------------------</FONT></DIV>
<DIV><FONT face=Arial size=2>if you set <SecurityConfiguration
enableSecurity="false"/> openjms should behave ex. as before (i
hope....)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Knut</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></BLOCKQUOTE></BODY></HTML>
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
openjms-developer mailing list
openjms-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openjms-developer
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic