[rabbitmq-discuss] Implementation / Specification Stability?
cctrieloff at redhat.com
Tue Oct 23 18:46:57 BST 2007
Landon Fuller wrote:
> On Oct 23, 2007, at 03:40, Tony Garnock-Jones wrote:
>> Tony Garnock-Jones wrote:
>>> Perhaps have a realm for the services? Client users would be permitted
>>> only to write to exchanges/queues in the realm, and Server users would
>>> be permitted only to read (and of course to create
>>> queues/exchanges/bindings - this is the "active" permission).
>> Of course, clients need reply queues. You'd perhaps use either the
>> default realm, /data, for that, or set up a realm specifically for reply
>> queues, where the client user has active rights.
> OK -- I was not sure if multiple realms were considered a reasonable
> implementation strategy.
> As far as preventing clients from reading each other's reply queues,
> the best bet seems to be generating a 'securely' random queue name.
From the Spec side we are discussing doing this with RBAC in the
Security SIG for 0-11.