[rabbitmq-discuss] Wild Rabbits
Tony Garnock-Jones
tonyg at lshift.net
Mon Dec 3 10:33:11 GMT 2007
Hi David,
David Pollak wrote:
> What are the
> security ramifications of a RabbitMQ instance in the wild being able to
> receive messages from any old client and routing those messages. Is it
> possible to filter the routing so malicious messages do not get sent
> from one client to another?
Interesting. You'd have to do that on an application level at present -
extracting messages from some intermediate queue, filtering, and
submitting again targetted at the ultimate recipients - but with a bit
of hacking on the erlang, you could send any delivered message through
an erlang-language filtering routine.
AMQP doesn't have any notion of global addressing or federation at
0-8/0-9 level, so there's no possibility of ending up with an SMTP-style
spam relay.
> Also, can the clients connect to RabbitMQ through an HTTP connection as
> an alternative to the standard AMPQ port? Some corporate firewalls make
> it challenging to connect to anything other than an HTTP server.
If you like, you can set up the broker to listen on a non-standard port
as well as or instead of the default. Set the NODE_PORT environment
variable to 80 before starting the broker, or edit the rabbitmq-server
script to add extra TCP endpoints to the "-rabbit tcp_listeners ..." line.
Regards,
Tony
--
[][][] Tony Garnock-Jones | Mob: +44 (0)7905 974 211
[][] LShift Ltd | Tel: +44 (0)20 7729 7060
[] [] http://www.lshift.net/ | Email: tonyg at lshift.net
More information about the rabbitmq-discuss
mailing list