[rabbitmq-discuss] Wild Rabbits

David Pollak feeder.of.the.bears at gmail.com
Mon Dec 3 14:44:09 GMT 2007


Tony,

On Dec 3, 2007 2:33 AM, Tony Garnock-Jones <tonyg at lshift.net> wrote:

> Hi David,
>
> David Pollak wrote:
> > What are the
> > security ramifications of a RabbitMQ instance in the wild being able to
> > receive messages from any old client and routing those messages.   Is it
> > possible to filter the routing so malicious messages do not get sent
> > from one client to another?
>
> Interesting. You'd have to do that on an application level at present -
> extracting messages from some intermediate queue, filtering, and
> submitting again targetted at the ultimate recipients - but with a bit
> of hacking on the erlang, you could send any delivered message through
> an erlang-language filtering routine.
>
> AMQP doesn't have any notion of global addressing or federation at
> 0-8/0-9 level, so there's no possibility of ending up with an SMTP-style
> spam relay.


There will be cases when the system will distribute  the "address" of one
client to another so that they may send each other messages directly.
Perhaps I should set this up so that they have temporary (conversation
specific) address to communicate and the address is destroyed when the
conversation ends.

>
>
> > Also, can the clients connect to RabbitMQ through an HTTP connection as
> > an alternative to the standard AMPQ port?  Some corporate firewalls make
> > it challenging to connect to anything other than an HTTP server.
>
> If you like, you can set up the broker to listen on a non-standard port
> as well as or instead of the default. Set the NODE_PORT environment
> variable to 80 before starting the broker, or edit the rabbitmq-server
> script to add extra TCP endpoints to the "-rabbit tcp_listeners ..." line.


I'm not sure that works so well.  Many corporate firewalls have HTTP
proxies.  They expect well formed HTTP.

I'll noodle on this issue a little bit and maybe come up with a solution.

Thanks,

David


>
>
> Regards,
>  Tony
> --
>  [][][] Tony Garnock-Jones     | Mob: +44 (0)7905 974 211
>   [][] LShift Ltd             | Tel: +44 (0)20 7729 7060
>  []  [] http://www.lshift.net/ | Email: tonyg at lshift.net
>



-- 
lift, the secure, simple, powerful web framework http://liftweb.net
Collaborative Task Management http://much4.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20071203/dbf0019a/attachment.htm 


More information about the rabbitmq-discuss mailing list