[rabbitmq-discuss] Wild Rabbits

Tony Garnock-Jones tonyg at lshift.net
Mon Dec 3 10:33:11 GMT 2007


Hi David,

David Pollak wrote:
> What are the security ramifications of a RabbitMQ instance in the wild
> being able to receive messages from any old client and routing those
> messages? Is it possible to filter the routing so malicious messages do
> not get sent from one client to another?

Interesting. You'd have to do that on an application level at present -
extracting messages from some intermediate queue, filtering, and
submitting again targeted at the ultimate recipients - but with a bit
of hacking on the Erlang, you could send any delivered message through
an Erlang-language filtering routine.

AMQP doesn't have any notion of global addressing or federation at
0-8/0-9 level, so there's no possibility of ending up with an SMTP-style
spam relay.

> Also, can the clients connect to RabbitMQ through an HTTP connection as
> an alternative to the standard AMQP port?  Some corporate firewalls make
> it challenging to connect to anything other than an HTTP server.

If you like, you can set up the broker to listen on a non-standard port
as well as or instead of the default. Set the NODE_PORT environment
variable to 80 before starting the broker, or edit the rabbitmq-server
script to add extra TCP endpoints to the "-rabbit tcp_listeners ..." line.

Regards,
  Tony
-- 
 [][][] Tony Garnock-Jones     | Mob: +44 (0)7905 974 211
   [][] LShift Ltd             | Tel: +44 (0)20 7729 7060
 []  [] http://www.lshift.net/ | Email: tonyg at lshift.net
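
The application-level approach described in the reply above (take messages off an intermediate queue, filter, resubmit to the ultimate recipients), as an added example that is not part of the original message or of RabbitMQ's code. Plain Python deques and callbacks stand in for the broker's consume and publish calls; the sender names, the JSON message shape, the size limit and the allowlist policy are all assumptions.

```python
import json
from collections import deque

MAX_BODY = 4096  # assumed per-message size limit, in bytes
# Assumed policy: recipients each authenticated sender may address.
ALLOWED = {"alice": {"bob", "carol"}, "bob": {"alice"}}

def check(sender, body):
    """Return (recipient, text) if the message passes policy, else raise ValueError."""
    if len(body) > MAX_BODY:
        raise ValueError("body too large")
    try:
        msg = json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError):  # bad UTF-8, bad JSON, or absurd nesting
        raise ValueError("not UTF-8 JSON") from None
    if not isinstance(msg, dict) or set(msg) != {"to", "text"}:
        raise ValueError("unexpected fields")
    if not isinstance(msg["to"], str) or not isinstance(msg["text"], str):
        raise ValueError("wrong field types")
    if msg["to"] not in ALLOWED.get(sender, set()):
        raise ValueError("recipient not permitted")
    return msg["to"], msg["text"]

def relay(intake, publish, reject):
    """Drain the intermediate queue: resubmit clean messages, divert the rest."""
    while intake:
        sender, body = intake.popleft()
        try:
            recipient, text = check(sender, body)
        except ValueError as why:
            reject(sender, str(why))
            continue
        # Rebuild the message from validated fields only; "from" is set by the
        # relay, never copied from what the client sent.
        publish(recipient, json.dumps({"from": sender, "text": text}).encode())

def demo():
    # Constructed sample traffic: (authenticated sender, raw body).
    intake = deque([
        ("alice", b'{"to": "bob", "text": "hi"}'),
        ("bob", b'{"to": "carol", "text": "hi"}'),
        ("mallory", b'{"to": "alice", "text": "hi"}'),
        ("alice", b'{"to": "carol", "text": "hi", "from": "bob"}'),
        ("alice", b"\xff\xfe"),
    ])
    delivered, rejected = {}, []
    relay(intake, lambda to, body: delivered.setdefault(to, []).append(body),
          lambda sender, why: rejected.append((sender, why)))
    return delivered, rejected
```

The filter only holds if clients cannot publish to the recipients' queues directly, so the relay has to be the sole path from the intermediate queue to the final destinations.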



