[rabbitmq-discuss] Why do we need rabbitmq-web-stomp and why not rabitmq-web-amqp (over websockets)?

Marek Majkowski majek04 at gmail.com
Mon Jul 30 10:53:25 BST 2012


On Fri, Jul 27, 2012 at 6:19 PM, Paddy Carman <paddy.carman at gmail.com> wrote:
> Hi Francesco,
>     Thanks.
>     Why is it a bad idea to expose AMQP to web clients? I see at least one
> company betting on it:  http://kaazing.com/products/amqp-edition

Oh boy, this is a long topic. To mention a few issues:

1) Resource usage is pretty much unlimited for an AMQP client.
(consider creating 1M queues, sending tremendous amount
of durable messages or opening 65K channels)

2) The security model of AMQP is inadequate for the browser
world, where the browser is basically untrusted.

3) The protocol is overcomplicated for the browser needs. Do you
really need an 'unsigned int' type in JavaScript?

I personally think the fact that AMQP is assuming trusted
clients, and on the web the opposite is true, is basically
a show stopper.

STOMP doesn't solve all this issues (security model
is similar, for example), but at least it's way simpler
to reason about. (lack of channels is one example of that)

In my ideal world the RabbitMQ-web-stomp would be
limited to only consuming messages, to avoid problem
mentioned in 1), but this would limit its functionality
too much, so we decided not to pursue this.

Marek


More information about the rabbitmq-discuss mailing list