[rabbitmq-discuss] How to deal with untrusted publishers
Michael Klishin
mklishin at gopivotal.com
Thu Feb 13 04:48:23 GMT 2014
On 13 Feb 2014, at 06:21, Michael Giagnocavo <mgg at giagnocavo.net> wrote:
> What about in general, if the client isn't trusted? Is the RabbitMQ threat model designed to encompass malicious clients?
RabbitMQ has a pretty fine grained permissions model,
has mandatory authentication and supports TLS.
http://www.rabbitmq.com/access-control.html
http://www.rabbitmq.com/ssl.html
in the case of a rogue publisher that has
authenticated, eventually all connections that publish messages
will be blocked. There are multiple strategies to avoid this.
http://www.rabbitmq.com/memory.html
http://www.rabbitmq.com/blog/2014/01/23/preventing-unbounded-buffers-with-rabbitmq/
HTH.
MK
Software Engineer, Pivotal/RabbitMQ
More information about the rabbitmq-discuss
mailing list