Reputation: 1363
I am implementing a Request-Reply pattern using JMS (ActiveMQ) as a logon service. It all works well. I send the username and password in the message and then check the encrypted version of the password with the encryption in the database. I use Jasypt for this part.
My worry is sending the unencrypted password over JMS. Would I face any security compromises with such a practice? Unfortunately, the Jasypt library doesn't allow me to compare a digest with another digest, only an original password with a saved digest; which is why I am sending the password over the wire.
Is it possible for the message to be intercepted and for usernames / passwords to be compromised? Is there a safer way to do this, assuming that JMS is my implementation of R-R?
Thanks for your help.
Upvotes: 2
Views: 360
Reputation: 5024
You should probably consider using some sort of salting scheme if you are concerned about sending unencrypted passwords over the wire.
As Petter suggests, SSL is the way to go to make sure that the password isn't sniffed over the wire; that would need to be implemented on both the client (producer) and the service (consumer).
ActiveMQ does have certain facilities (virtual/composite destinations, mirrored queues) that might allow messages to be wiretapped at the broker level, but these require changes to the broker configuration. As long as your config is locked down, you shouldn't have any issues.
Upvotes: 1
Reputation: 22279
As when sending passwords over http, you should use SSL to secure the transport channel.
Upvotes: 1
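An added example (not code from the question or from either answer) of what both answers recommend: the logon client talks to ActiveMQ only through an `ssl://` transport, using `ActiveMQSslConnectionFactory` with a truststore so it can verify the broker's certificate, and the reply side verifies the received password against a salted digest with Jasypt's `StrongPasswordEncryptor`. The broker host, port, queue name, truststore path and the sample user are assumptions, not values from the page; the example requires the `activemq-client` and `jasypt` libraries on the classpath.

```java
// Added example: request-reply logon over an SSL-secured ActiveMQ transport.
// Assumed (not from the page): broker at broker.example.internal:61617 exposing an
// ssl:// transportConnector, client truststore at /etc/app/truststore.jks,
// request queue "logon.request". Libraries: activemq-client and jasypt.
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.jms.*;
import org.apache.activemq.ActiveMQSslConnectionFactory;
import org.jasypt.util.password.StrongPasswordEncryptor;

public class SslLogonExample {

    // Only the SSL transport is used; a plain tcp:// URL would carry the
    // password in clear text to anyone able to sniff the network segment.
    static final String BROKER_URL = "ssl://broker.example.internal:61617";  // assumed
    static final String REQUEST_QUEUE = "logon.request";                      // assumed

    static Connection connect() throws Exception {
        ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory(BROKER_URL);
        // The truststore holds the broker certificate (or its CA), so the client
        // verifies it is talking to the real broker rather than a man in the middle.
        factory.setTrustStore("/etc/app/truststore.jks");              // assumed path
        factory.setTrustStorePassword(System.getenv("TRUSTSTORE_PW"));
        Connection c = factory.createConnection();
        c.start();
        return c;
    }

    /** Service side: stores salted digests only, never the passwords themselves. */
    static final class LogonService {
        private final StrongPasswordEncryptor encryptor = new StrongPasswordEncryptor();
        private final Map<String, String> digests = new ConcurrentHashMap<>();

        void register(String user, String password) {
            // Jasypt generates a random salt for each digest, so the stored side
            // already has the salting the first answer asks for.
            digests.put(user, encryptor.encryptPassword(password));
        }

        boolean check(String user, String password) {
            String stored = digests.get(user);
            return stored != null && encryptor.checkPassword(password, stored);
        }

        // Consume requests and answer each one on its JMSReplyTo destination.
        void serve(Session session) throws JMSException {
            MessageConsumer consumer = session.createConsumer(session.createQueue(REQUEST_QUEUE));
            MessageProducer replier = session.createProducer(null);
            while (true) {
                Message m = consumer.receive();
                if (!(m instanceof MapMessage)) continue;
                MapMessage req = (MapMessage) m;
                boolean ok = check(req.getString("user"), req.getString("password"));
                TextMessage reply = session.createTextMessage(ok ? "OK" : "DENIED");
                reply.setJMSCorrelationID(req.getJMSMessageID());
                replier.send(req.getJMSReplyTo(), reply);
            }
        }
    }

    /** Client side: send one request and wait for the correlated reply. */
    static String logon(Session session, String user, String password) throws JMSException {
        Destination replyQueue = session.createTemporaryQueue();
        MapMessage req = session.createMapMessage();
        req.setString("user", user);
        req.setString("password", password);   // only ever travels inside the TLS session
        req.setJMSReplyTo(replyQueue);
        session.createProducer(session.createQueue(REQUEST_QUEUE)).send(req);
        // Select on the correlation id so an unrelated reply cannot be mistaken for ours.
        MessageConsumer replies = session.createConsumer(
                replyQueue, "JMSCorrelationID = '" + req.getJMSMessageID() + "'");
        TextMessage reply = (TextMessage) replies.receive(5000);
        return reply == null ? "TIMEOUT" : reply.getText();
    }

    public static void main(String[] args) throws Exception {
        Connection connection = connect();
        // A JMS Session is single-threaded, so the service and the client get their own.
        Session serviceSession = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        Session clientSession = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        LogonService service = new LogonService();
        service.register("alice", "correct horse battery staple");  // constructed sample user
        new Thread(() -> {
            try { service.serve(serviceSession); } catch (JMSException e) { throw new RuntimeException(e); }
        }).start();
        System.out.println(logon(clientSession, "alice", "correct horse battery staple"));
        System.out.println(logon(clientSession, "alice", "wrong"));
        connection.close();
    }
}
```

On the broker side this needs a `transportConnector` with an `ssl://` URI in `activemq.xml` and an `sslContext` element pointing at the broker's keystore; with that in place, removing any plain `tcp://` connector the login clients could fall back to is what actually stops the password from crossing the wire in clear text. Note that SSL only protects the transport: a message that is persisted by the broker (or wiretapped through the virtual destination or mirrored queue features the first answer mentions) still contains the plaintext password, which is why the broker configuration itself has to be locked down as that answer says.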