qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chuck Rolke (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-4022) C++ Broker connection limits by host ip and by user name can get confused
Date Fri, 08 Jun 2012 12:54:22 GMT

     [ https://issues.apache.org/jira/browse/QPID-4022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Chuck Rolke updated QPID-4022:

    Attachment: QPID-4022-conn-limits-rev2-10-with-tests.patch

I put the last patch up for review a week ago but reviews are in Maintenance.

Here is the proposed patch, including fixes to the self tests.
> C++ Broker connection limits by host ip and by user name can get confused
> -------------------------------------------------------------------------
>                 Key: QPID-4022
>                 URL: https://issues.apache.org/jira/browse/QPID-4022
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.16
>            Reporter: Chuck Rolke
>            Assignee: Chuck Rolke
>         Attachments: QPID-4022-conn-limits-rev2-10-with-tests.patch
> The current ACL module uses the ConnectionObserver to watch the life cycle of connections.
It tries to disallow the creation of too many connections by a user or from an IP address.
However, the method is uses is flawed especially in the cluster case.
> A better strategy to use it to provide approvers in the ConnectionObserver scheme and
then to call them:
> 1. Limits by IP address are disapproved in the ConnectionFactories. If the limit is reached
then the factory does not create the connection codec and the connection never begins a life
cycle. This is enforced at the same point in code as the per-broker --max-connection limit
using similar enforcement methods.
> 2. Limits by user name are disapproved at the same point as user authentication happens.
Details to follow.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message