[rabbitmq-discuss] Problem with security using STOMP
michael.s.klishin at gmail.com
Mon Mar 3 10:03:11 GMT 2014
2014-03-03 13:06 GMT+04:00 Grzegorz Gębura <grzegorz.gebura at gmail.com>:
> 1) A user can get the login and password, create his own connection,
> subscribe to my exchange with the # routing key and read all messages. Is there
> any possibility to disallow subscribing with # routing key (maybe by
> determining user permissions)? I want to use only one user with restricted
> permissions (only reading defined exchange and creating auto-deleted,
> exclusive queues).
> I don't want to create exchanges per user (this will solve my problem),
> because I will have to create and manage users and exchanges by HTTP API.
> 2) A user can subscribe to many queues, so he can create millions of queues and
> crash my rabbit server. Can I handle that by limiting queues per connection
> or exchange?
There is no such limit. Channels/queues/exchanges can be monitored over
the HTTP API (which is what hosted RabbitMQ solutions use), which also
allows you to forcefully close connections:
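Added example, not part of the original thread and not RabbitMQ project code: one way to apply the monitoring approach from the reply above is to count exclusive queues per owning connection from a GET /api/queues listing and build the DELETE /api/connections/<name> request for any connection over a limit. The sample data, the limit, the host, the "monitor" account and the function names are constructed; it assumes the listing carries owner_pid_details for exclusive queues.

```python
import base64
import json
import urllib.parse
import urllib.request
from collections import Counter

# Constructed sample of a GET /api/queues response, trimmed to the fields used.
# Assumption: exclusive queues report their owner in owner_pid_details.name.
SAMPLE_QUEUES = json.loads("""[
 {"name": "amq.gen-a1", "exclusive": true,
  "owner_pid_details": {"name": "10.0.0.7:51544 -> 10.0.0.2:61613"}},
 {"name": "amq.gen-a2", "exclusive": true,
  "owner_pid_details": {"name": "10.0.0.7:51544 -> 10.0.0.2:61613"}},
 {"name": "amq.gen-a3", "exclusive": true,
  "owner_pid_details": {"name": "10.0.0.7:51544 -> 10.0.0.2:61613"}},
 {"name": "amq.gen-b1", "exclusive": true,
  "owner_pid_details": {"name": "10.0.0.9:40112 -> 10.0.0.2:61613"}},
 {"name": "orders", "exclusive": false}
]""")

def queues_per_connection(queues):
    """Count exclusive queues by the name of the connection that owns them."""
    counts = Counter()
    for q in queues:
        owner = (q.get("owner_pid_details") or {}).get("name")
        if q.get("exclusive") and owner:
            counts[owner] += 1
    return counts

def over_limit(queues, limit):
    """Names of connections that own more than `limit` exclusive queues."""
    counts = queues_per_connection(queues)
    return sorted(name for name, n in counts.items() if n > limit)

def close_request(base_url, conn_name, user, password, reason):
    """Build (but do not send) the management API request closing a connection."""
    path = "/api/connections/" + urllib.parse.quote(conn_name, safe="")
    req = urllib.request.Request(base_url.rstrip("/") + path, method="DELETE")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("X-Reason", reason)  # optional reason recorded by the broker
    return req

if __name__ == "__main__":
    for name in over_limit(SAMPLE_QUEUES, limit=2):
        req = close_request("http://localhost:15672", name,
                            "monitor", "CHANGE-ME", "queue limit exceeded")
        print(req.get_method(), req.full_url)  # send: urllib.request.urlopen(req)
```

Run periodically against the live /api/queues output, this gives a per-connection queue cap enforced from outside the broker.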