[rabbitmq-discuss] Securing RabbitMQ
Bell, Paul M.
pbell at syncsort.com
Wed Feb 1 19:57:55 GMT 2012
Thanks again, Simon.
Some idle replies, and one more question, in-line...
From: rabbitmq-discuss-bounces at lists.rabbitmq.com [mailto:rabbitmq-discuss-bounces at lists.rabbitmq.com] On Behalf Of Simon MacMullen
Sent: Tuesday, January 31, 2012 5:41 AM
To: rabbitmq-discuss at lists.rabbitmq.com
Subject: Re: [rabbitmq-discuss] Securing RabbitMQ
On 30/01/12 23:36, Alexandru Scvortov wrote:
> (posting again to the m/l)
>> Quick q: does RabbitMQ allow presenting a hashed password?
> No. The authentication system is pluggable, though, so you could
> easily write your own mechanism (see the src/rabbit_auth_mechanism_
> files in the broker source tree for examples).
>More specifically I didn't think it worth doing this since it would tie
>authentication to the current password hashing scheme, and if you want
>to avoid sending passwords in plaintext you probably want to avoid
>sending anything in plaintext - so you should use SSL.
Agreed. But I am pretty sure that this is what NetApp implemented. So they're stuck with MD5.
>Actually, you don't want to just "present a hashed password" since that
>implies you are storing the hashed password at the client, which implies
>that it's not really hashed any more...
I suppose you mean that the client must be able to present it as clear text to the filer's MD5 algorithm.
My question: is it possible to adjust the "concurrency" of a consumer in real time? That is, when I create a consumer with
Consumer consumer = new Consumer("q1", "q1", 3);
I get a single consumer that runs 3 threads. Can I adjust this "3" dynamically?
>At one point I tried to invent a challenge response protocol that would
>work with salted hashes, but then I came to my senses and realised I
>should leave crypto protocol design to people who know what they're doing.
rabbitmq-discuss mailing list
rabbitmq-discuss at lists.rabbitmq.com
The information contained in this message (including any files transmitted with this message) may contain proprietary, trade secret or other confidential and/or legally privileged information. Any pricing information contained in this message or in any files transmitted with this message is always confidential and cannot be shared with any third parties without prior written approval from Syncsort. This message is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any use, disclosure, copying or distribution of this message, in any form, is strictly prohibited. If you have received this message in error, please immediately notify the sender and/or Syncsort and destroy all copies of this message in your possession, custody or control.
More information about the rabbitmq-discuss