[rabbitmq-discuss] Enforcing single connection to a queue
Simon MacMullen
simon at rabbitmq.com
Fri Apr 20 11:20:32 BST 2012
On 19/04/12 21:27, RoLo wrote:
> I'm working on a project where we need to enforce only a single client
> connection to a queue. Worse, the queue has to persist when the connection
> closes, which rules out using the exclusive bit as the AMQP spec states that
> an exclusive queue will always be auto-deleted when the client terminates
> session.
The way we always envisaged this working is:
* Don't allow any of your client users to connect to the management
plugin (i.e. don't give them the "management", "monitoring" or
"administrator" tags).
* Use cryptographically random queue names (such as server-generated names).
If the clients can't get into mgmt they can't list queues. And they
can't guess another client's queue name. So each client can only see its
own queue(s). If it wants to hand its queue names to other processes it
can, but that's its business.
Inspired by: http://en.wikipedia.org/wiki/Capability-based_security
Cheers, Simon
--
Simon MacMullen
RabbitMQ, VMware
More information about the rabbitmq-discuss
mailing list