If i am not wrong,the rabbitmq have a password 2011/10/2 Joshua Harlow <[email protected]>
> The question is more along the lines of this: > > So say u have ssl enabled, which is good. > > But should all actions/messages on the message queue also be verified > before they are applied as coming from the correct user? > > Say u have an initial API call that says make me a server for user X. > > Now the scheduler gets that, it should then again verify that X can make a > server (and so on). > > This kind of verification (time sensitive also) should seem like it would > be useful, complimenting SSL for each component that receives a message. > > This would stop malicious (or limit) users hacking the message queue and > spawning requests themselves. Just a thought. > > > On 9/29/11 8:11 PM, "Mike Scherbakov" <[email protected]> wrote: > > Joshua, > your question scares me :) > > Actually you can define user/pass for rabbitmq: > See in rpc/impl_kombu.py, which is used by default: > 308 self.params = dict(hostname=FLAGS.rabbit_host, > 309 port=FLAGS.rabbit_port, > 310 userid=FLAGS.rabbit_userid, > 311 password=FLAGS.rabbit_password, > 312 virtual_host=FLAGS.rabbit_virtual_host) > > But this seems to be not secured connection, since I don't see here usage > of SSL. > In rpc/impl_carrot.py: > 66 params = dict(hostname=FLAGS.rabbit_host, > 67 port=FLAGS.rabbit_port, > * 68 ssl=FLAGS.rabbit_use_ssl, > * 69 userid=FLAGS.rabbit_userid, > 70 password=FLAGS.rabbit_password, > 71 virtual_host=FLAGS.rabbit_virtual_host) > but I never tried this carrot and don't know if it works. > > Can someone else clarify the question? It seems important in terms of > security. > > Thanks, > > On Wed, Sep 21, 2011 at 2:20 PM, Joshua Harlow <[email protected]> > wrote: > > A quick security question. > > Is there any plan to force authentication/authorization of the rabbitmq > messages? > > Right now it seems like keystone (tbd) will protect the > external<->openstack layers but what about the openstack<->openstack layers. > > If someone got access to the rabbitmq it seems like without this kind of > layer bad things could happen (create me 1000 nodes...). > > Has there been any thought in that area? > > -Josh > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
