[rabbitmq-discuss] Client IP based user login permissions
Oren Shomron
shomron at gmail.com
Fri Mar 11 16:43:25 GMT 2011
Hi Simon,
My use case is something like this:
I'm working on a distributed system, which consists of externally facing
HTTP servers that can kick off events through RabbitMQ, as well as
internally facing components which need to react to those external events
but also send internal privileged events to each other.
I am trying to protect against a situation where a compromised external HTTP
server could send privileged events to our internal components.
Right now I have created two users and two exchanges, one for internal and
one external.
The external user can only post to the external exchange. I have an internal
component bound to the external exchange which performs validation on those
incoming events before forwarding them on to the internal exchange. The rest
of the internal components only bind to the internal exchange and know that
the events they receive have been validated.
I would like another line of defense - if the external machine were
compromised and the internal rabbit user's credentials were stolen somehow,
there's nothing stopping that external machine from using those internal
credentials and compromising the whole system. The firewall allows that
machine to talk to RabbitMQ, but no one is enforcing that only the correct,
limited user can log in over that channel.
The only way I see of doing it right now would be to have completely
separate RabbitMQ instances, and have that validation component talk to both
instances and forward between them, but this would increase complexity.
Let me know if that makes any sense.
Thanks in advance!
- Oren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20110311/3456f98c/attachment.htm>
More information about the rabbitmq-discuss
mailing list