[jboss-dev-forums] [Design of Messaging on JBoss (Messaging/JBoss)] - Re: Permissions on temporary destinations (JBMESSAGING-994)
timfox
do-not-reply at jboss.com
Tue Jun 19 07:47:24 EDT 2007
"sergeypk" wrote : Currently, temporary destinations are assigned the default security configuration when they are created. This means that if I log in as a user who has less permissions than required by the default security configuration, and create a temporary destination, I can't access it afterwards.
|
When you say "access" do you mean send messages to, or consume messages from?
anonymous wrote :
| Something should be done about it. Here are some options:
|
| 1) Skip permission checks on temporary destinations. Bad because there's a possibility of DoS attacks if someone guesses the temp destination name.
|
Not a good idea.
But the issue is not about guessing the temp destination name.
A valid use case would be sending messages to a topic with JMSReplyTo set, and only some users have rights to respond on the reply-to destination.
In this case no guessing is necessary.
anonymous wrote :
| 2) Disallow creating temporary destinations that the logged-in user will not be able to use - doesn't solve the actual problem.
|
Which user are you referring to? The creator of the temp destination, or the consumer?
anonymous wrote :
| 3) Have some configuration mechanism for temporary destination permissions - not sure where it would go, to make it sufficiently flexible.
|
Temp destination security could be overridden in the connection factory. That's where the other temp destination attributes are overridden.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4055562#4055562
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4055562
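The reply-to use case from the exchange above, written out as an added illustration (this is not JBoss Messaging code, and the JNDI-bound topic and the two user accounts are assumptions). It makes visible that two different principals are checked against whatever security configuration the temporary queue carries: the requester for creating and consuming, the responder for sending.

```java
import javax.jms.*;

/*
 * Request/reply over a topic with JMSReplyTo pointing at a temporary queue.
 * Added example; the connection factory, topic and user accounts are assumptions.
 * The security configuration applied to the temporary queue is checked for BOTH:
 *   - "requester" must be allowed to create the temp queue and consume from it;
 *   - "responder" must be allowed to send to it, although it never created it.
 */
public class ReplyToTempQueue {

    // Requester: creates the temp queue, publishes a request carrying it as
    // JMSReplyTo, then waits for the answer. No guessing of the temp name is involved.
    public static String request(ConnectionFactory cf, Topic requests,
                                 String user, String pass) throws JMSException {
        Connection con = cf.createConnection(user, pass);
        try {
            Session session = con.createSession(false, Session.AUTO_ACKNOWLEDGE);
            TemporaryQueue replyQueue = session.createTemporaryQueue();     // create check
            MessageConsumer replies = session.createConsumer(replyQueue);   // read check
            con.start();

            TextMessage req = session.createTextMessage("ping");
            req.setJMSReplyTo(replyQueue);
            session.createProducer(requests).send(req);

            Message reply = replies.receive(5000);
            return reply == null ? null : ((TextMessage) reply).getText();
        } finally {
            con.close();
        }
    }

    // Responder: receives one request and sends to whatever JMSReplyTo names.
    // The send is where the responder's permissions on the temp queue are checked.
    public static void respondOnce(ConnectionFactory cf, Topic requests,
                                   String user, String pass) throws JMSException {
        Connection con = cf.createConnection(user, pass);
        try {
            Session session = con.createSession(false, Session.AUTO_ACKNOWLEDGE);
            MessageConsumer consumer = session.createConsumer(requests);
            con.start();
            Message req = consumer.receive(5000);
            if (req == null || req.getJMSReplyTo() == null) return;
            MessageProducer replier = session.createProducer(req.getJMSReplyTo()); // write check
            replier.send(session.createTextMessage("pong"));
        } finally {
            con.close();
        }
    }
}
```

If the default security configuration denies "responder" write access to temporary destinations, the `replier.send` is the call that fails, while "requester" sees only a null reply after the timeout.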