Thanks Emile. This is great feedback. I will spend some more time on the Access control rules to determine if they are sufficient for our scenario.<br><br>regards,<br>Dharshan<br><a href="http://www.scalegrid.net">www.scalegrid.net</a><br>
(Services for the private cloud)<br><br><br><div class="gmail_quote">On Mon, Aug 20, 2012 at 2:23 AM, Emile Joubert <span dir="ltr"><<a href="mailto:emile@rabbitmq.com" target="_blank">emile@rabbitmq.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
On 19/08/12 22:31, dharshanr wrote:<br>
> 1. A virtual host and user for every client. This way each client<br>
> connects to its virtual host using its own username password. Also if<br>
> one clients username/password gets compromised it wont affect the other<br>
> clients.<br>
> 2. One queue per virtual host called the "Client messaging queue". The<br>
> client waits for messages on this queue after connecting to the virtual host<br>
> 3. When the server wants to message a client it creates an unnamed queue<br>
> in the virtual host of the client (as the reply queue) and then posts<br>
> messages to the "Client messaging queue". The client processes the<br>
> message and replies back on the tagged reply queue.<br>
<br>
Your suggested solution will work, but it suffers from the weakness that<br>
the server will need to maintain a separate connection to the broker for<br>
each vhost. Using separate vhost provides good isolation, but you may be<br>
able to get away with less by careful use of access control rules:<br>
<br>
<a href="http://www.rabbitmq.com/access-control.html" target="_blank">www.rabbitmq.com/access-control.html</a><br>
<br>