[rabbitmq-discuss] Behaviour when connecting with invalid credentials

David MacIver david at drmaciver.com
Thu May 6 17:44:10 BST 2010


On 6 May 2010 17:39, Matthew Sackman <matthew at lshift.net> wrote:
> On Thu, May 06, 2010 at 05:25:01PM +0100, David MacIver wrote:
>> If you use the Java client and try to connect to the rabbit server
>> with bad credentials (e.g. dodgy password, no permissions for the
>> vhost, user doesn't exist) you'll see the following:
>
> On 22nd July 2009, at 1:29pm, Tony Garnock-Jones wrote:
>> Authentication failures should be signalled to the client, either as
>> part of the protocol (e.g. explicit CONNECTION.CLOSE with some error
>> code), or through convention by client implementors: if the connection
>> is closed during auth exchange, that's a pretty clear signal of auth
>> failure, so it should be reported as such to callers.
>
> On 22nd July 2009, at 7:08pm, Matthias Radestock wrote:
>> Sending a connection.close would be in direct violation of an explicit
>> (and recent) instruction to the contrary in the protocol spec (0-9-1,
>> s2.2.4), and could cause (non-rabbit) clients to do all sorts of nasty
>> things.
>>
>> OTOH, as Tony points out, a client detecting a socket closure after it
>> has sent a connection.start-ok can fairly safely assume that the
>> reason is an authentication failure of some sort. So I suggest we
>> change all our clients to report the error with a "likely cause:
>> authentication failure" description (there are other possible causes
>> as well such as malformed framing, or the server or network dying for
>> some unrelated reason).

Ok. Thanks. I'll fix bunny to handle this.



More information about the rabbitmq-discuss mailing list