[rabbitmq-discuss] Implementation / Specification Stability?

Tony Garnock-Jones tonyg at lshift.net
Tue Oct 23 11:37:52 BST 2007


Landon Fuller wrote:
> Have you delved into security?  That's my next concern -- how to prevent
> a client/peer from reading requests off of the RPC service queue?

Perhaps have a realm for the services? Client users would be permitted
only to write to exchanges/queues in the realm, and Server users would
be permitted only to read (and of course to create
queues/exchanges/bindings - this is the "active" permission).

http://www.rabbitmq.com/admin-guide.html#set_permissions contains info
on using the admin tool to configure realms and permissions. I'm
imagining something like:

rabbitmqctl add_realm / /data/services

rabbitmqctl add_user serviceuser pass1
rabbitmqctl map_user_vhost serviceuser /
rabbitmqctl set_permissions serviceuser / /data/services \
  active passive write read

rabbitmqctl add_user clientuser pass2
rabbitmqctl map_user_vhost clientuser /
rabbitmqctl set_permissions clientuser / /data/services \
  passive write

rabbitmqctl list_vhost_users /
rabbitmqctl list_realms /
rabbitmqctl list_permissions serviceuser /
rabbitmqctl list_permissions clientuser /


Regards,
  Tony
-- 
 [][][] Tony Garnock-Jones     | Mob: +44 (0)7905 974 211
   [][] LShift Ltd             | Tel: +44 (0)20 7729 7060
 []  [] http://www.lshift.net/ | Email: tonyg at lshift.net



