[rabbitmq-discuss] User Permissions

[Matthias Radestock]

On 30/01/13 19:33, Jerry Kuch wrote:
> I'd suggest you avoid the "generate obscure queue names"
> as a security policy.

That actually works pretty well as long as the names are 
cryptographically strong, since names of queues, exchanges, etc are not 
discoverable through AMQP or the various other messaging protocol 
RabbitMQ speaks; though they *are* visible in the management API.

Server-generated names (i.e. the ones a client gets back when declaring 
a queue with a blank name) fit that bill. So would client generated 
names that, say, were created by cryptographically hashing a salted 
client identify.

Things can get tricky though when it comes to remembering these names 
(or salts) across restarts of the app, and doing so in a sufficiently 
secure manner.

> You might also consider declaring *exclusive*
> queues which can only be used by the declaring consumer.

More precisely, exclusive queues are only accessible from the connection 
that declared them, and they get deleted when that connection terminates.

> Mixing those
> with the *auto-delete* property can be a convenient way to make
> transient, private queues that will go away when your consumer departs

Actually, "auto-delete" queues are typically shared between consumers on 
multiple connections (which implies that they cannot be exclusive 
queues), with the server deleting the queue when the last such consumer 
disappears.

Matthias.