[rabbitmq-discuss] Can the consumer know who sent the message?
Matthew Sackman
matthew at rabbitmq.com
Tue Jun 1 15:53:21 BST 2010
Hi Bob,
On Fri, May 28, 2010 at 03:26:44PM -0500, Bob Goldstein wrote:
> Is there a way for the message consumer to know the rabbitmq userid of
> the process that sent the message?
No, not by default, and intentially not by design. Of course, there's
nothing to stop you putting any information, including userid, into any
of the headers, property tables, or even the payload, when publishing a
message.
> I realize there is the props hash, which has a user_id attribute.
> But I believe props is filled in by the sender, so the sender
> could forge anything.
Yes, exactly. But non-repudiation is really something that AMQP isn't
trying to solve anyway - if you want that, then you need to layer all
sorts of extra crypto on top anyway.
> The best I can figure is to create a queue, and make sure that a
> particular sender is the only one with privs to write to that queue.
> However, that seems cumbersome, fragile, and not particularly scalable.
Well, see above about doing it "properly", but you could have something
like an rpc service which hands out private/anonymous queues to
publishers and forwards the queue name to the consumer which is then
able to subscribe to the queue. There you'd be relying on the queue name
from being unforgeable, and as you say, you'd probably want to set up
some additional restrictions so that only the publisher in question can
publish. Queues aren't /that/ heavyweight - 10s of thousands are
perfectly feasible, but it depends on quite what your scalability
requirements are.
Matthew
More information about the rabbitmq-discuss
mailing list