7 Replies Latest reply on Nov 20, 2012 3:23 AM by amperdaar S

    Security on Addresses

    halfpad Newbie

      Hi

       

      I am looking at HornetQ without JMS as a possible messaging solution for a system we are designing.

       

      I am trying to identify possible security problems of using queues.

       

      In my design I have a service behind a firewall with a queue for incoming messages from clients and multiple queues for outgoing messages to clients, one queue for each client. The outgoing queues are connected to the one address (say Address A) defined on the service. Each client must not be able to consume messages intended for another client. For this not to happen by default, I could add a filter to each of the queues, only allowing messages for the client it repressents to pass through.

       

      The problems I have are:

      1) If I create a consumer on a hacker client that consumes messages from Address A, this client will be able to intercept messages that were suppose to go to other clients.

      2) If this hacker client creates a consumer of the address of queue going to the service, it will also be able to intercept those messages.

       

      Are these concerns valid? And if they are, are there any solutions for them?

       

      I also have a third question: I could see from the documentation how to add a filter to a queue using the xml files, but how could I add a filter programitically?

       

      Thanks!