Hi Tim, The main reason for setting a TTL on messages is to protect the broker’s database from filling up. If the broker does not honor that, than it is prone to a denial-of-service. All it takes is a user that does not acknowledge messages.
This is a very serious flaw in ActiveMQ that anyone can easily exploit. Or are there other protections against this? The only option we see is setting some queue policies but these would only work effectively if splitting the MKahaDB into a database for each user (because old messages prevent the redo logs from being deleted) , which would be crazy. You said “Once it's been delivered, it's outside of the broker's control and is the client's responsibility to deal with appropriately.” A broker can’t rely on clients to behave appropriately. On the contrary, it has to protect itself from those very clients that do not. Not only that, but this statement seems to contradict your opinion that the message should not be expired: if you consider the message out of the broker’s control, why would you still keep it in the broker in violation of the TTL set by the producer? - Ajit ----- Ajit Mahadik -- Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
