[rabbitmq-discuss] Enforcing single connection to a queue

• Previous message: [rabbitmq-discuss] Enforcing single connection to a queue
• Next message: [rabbitmq-discuss] Enforcing single connection to a queue
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 19/04/12 21:27, RoLo wrote:
> I'm working on a project where we need to enforce only a single client
> connection to a queue.  Worse, the queue has to persist when the connection
> closes, which rules out using the exclusive bit as the AMQP spec states that
> an exclusive queue will always be auto-deleted when the client terminates
> session.

The way we always envisaged this working is:

* Don't allow any of your client users to connect to the management 
plugin (i.e. don't give them the "management", "monitoring" or 
"administrator" tags).

* Use cryptographically random queue names (such as server-generated names).

If the clients can't get into mgmt they can't list queues. And they 
can't guess another client's queue name. So each client can only see its 
own queue(s). If it wants to hand its queue names to other processes it 
can, but that's its business.

Inspired by: http://en.wikipedia.org/wiki/Capability-based_security

Cheers, Simon

-- 
Simon MacMullen
RabbitMQ, VMware

• Previous message: [rabbitmq-discuss] Enforcing single connection to a queue
• Next message: [rabbitmq-discuss] Enforcing single connection to a queue
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]