[rabbitmq-discuss] Implementation / Specification Stability?
Carl Trieloff
cctrieloff at redhat.com
Tue Oct 23 18:46:57 BST 2007
Landon Fuller wrote:
>
> On Oct 23, 2007, at 03:40, Tony Garnock-Jones wrote:
>
>> Tony Garnock-Jones wrote:
>>> Perhaps have a realm for the services? Client users would be permitted
>>> only to write to exchanges/queues in the realm, and Server users would
>>> be permitted only to read (and of course to create
>>> queues/exchanges/bindings - this is the "active" permission).
>>
>> Of course, clients need reply queues. You'd perhaps use either the
>> default realm, /data, for that, or set up a realm specifically for reply
>> queues, where the client user has active rights.
>
> OK -- I was not sure if multiple realms were considered a reasonable
> implementation strategy.
>
> As far as preventing clients from reading each other's reply queues,
> the best bet seems to be generating a 'securely' random queue name.
>
From the Spec side we are discussing doing this with RBAC in the
Security SIG for 0-11.
Carl.