[rabbitmq-discuss] Securing RabbitMQ

Bell, Paul M. pbell at syncsort.com
Wed Feb 1 19:57:55 GMT 2012


Thanks again, Simon.

Some idle replies, and one more question, in-line...

-----Original Message-----
From: rabbitmq-discuss-bounces at lists.rabbitmq.com [mailto:rabbitmq-discuss-bounces at lists.rabbitmq.com] On Behalf Of Simon MacMullen
Sent: Tuesday, January 31, 2012 5:41 AM
To: rabbitmq-discuss at lists.rabbitmq.com
Subject: Re: [rabbitmq-discuss] Securing RabbitMQ

On 30/01/12 23:36, Alexandru Scvortov wrote:
> (posting again to the m/l)
>
>> Quick q: does RabbitMQ allow presenting a hashed password?
>
> No.  The authentication system is pluggable, though, so you could
> easily write your own mechanism (see the src/rabbit_auth_mechanism_
> files in the broker source tree for examples).

>More specifically I didn't think it worth doing this since it would tie
>authentication to the current password hashing scheme, and if you want
>to avoid sending passwords in plaintext you probably want to avoid
>sending anything in plaintext - so you should use SSL.

Agreed. But I am pretty sure that this is what NetApp implemented. So they're stuck with MD5.

>Actually, you don't want to just "present a hashed password" since that
>implies you are storing the hashed password at the client, which implies
>that it's not really hashed any more...

I suppose you mean that the client must be able to present it as clear text to the filer's MD5 algorithm.

My question: is it possible to adjust the "concurrency" of a consumer in real time? That is, when I create a consumer with

     Consumer consumer = new Consumer("q1", "q1", 3);

I get a single consumer that runs 3 threads. Can I adjust this "3" dynamically?

Thanks again.

-Paul



>At one point I tried to invent a challenge response protocol that would
>work with salted hashes, but then I came to my senses and realised I
>should leave crypto protocol design to people who know what they're doing.

>Cheers, Simon

--
Simon MacMullen
RabbitMQ, VMware
_______________________________________________
rabbitmq-discuss mailing list
rabbitmq-discuss at lists.rabbitmq.com
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss



ATTENTION: -----

The information contained in this message (including any files transmitted with this message) may contain proprietary, trade secret or other  confidential and/or legally privileged information. Any pricing information contained in this message or in any files transmitted with this message is always confidential and cannot be shared with any third parties without prior written approval from Syncsort. This message is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any use, disclosure, copying or distribution of this message, in any form, is strictly prohibited. If you have received this message in error, please immediately notify the sender and/or Syncsort and destroy all copies of this message in your possession, custody or control.


More information about the rabbitmq-discuss mailing list