[rabbitmq-discuss] How to deal with untrusted publishers

Michael Klishin michael.s.klishin at gmail.com
Sat Dec 21 19:13:28 GMT 2013


2013/12/21 Dennis Jacobfeuerborn <djacobfeuerborn at gmail.com>

> The problem is that technically I need to change the message format to
> "<publisher>.<key> <value>" so the consumer can know where to store the
> keys but for security reasons I cannot really rely on the publisher sending
> the correct data so I really need to insert the <publisher> bit on the
> broker side based on the username the publisher connects with. For example:
>
> - Publisher connects with the credentials "publisher1"/(some password)
> - Publisher sends message "mykey myvalue" to exchange X
> - Exchange X modifies the message and prepends a string containing the
> username resulting in the message "publisher1.mykey myvalue"
> - Consumer receives the message and can store the data in the appropriate
> place
>
> Is there a way to accomplish this or something similar with rabbitmq?
>

What you want to do can be accomplished with a custom exchange (a plugin
written in Erlang,
which implements an API with about 4-6 functions) or you could just add an
intermediary consumer
that's written in any that that republishes valid messages to another
exchange.

A couple more things I'd recommend:

 * Don't make routing keys too smart (encode too much information into them)
 * Use message headers or payload (serialized as JSON, Protocol Buffers or
similar) if you need to pass more info

HTH.
-- 
MK

http://github.com/michaelklishin
http://twitter.com/michaelklishin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20131221/50d42af2/attachment.html>


More information about the rabbitmq-discuss mailing list