Hi

> It seems like talking about txAMQP+txThrift is all the rage on this
> mailing list nowadays (and I'm not surprised, it's awesome!), so
> here's some more :-)

Great to know it's useful for somebody else :-) BTW, this problem would probably be best answered in the rabbitmq-discuss mailing list (or any other AMQP-related mailing list).

Anyway, there are different ways to solve it:

- At the lowest transport level (SSL)
- At the protocol/transport level (AMQP)
- At the application level (Thrift)

1) If you're already using SSL, you can use client certificate authentication:

http://www.stunnel.org/examples/client_cert.html
http://software.wwwi.com/ssl/stunnel.shtml

This basically means that your clients will need to present a valid certificate. In an ideal scenario, each client will have a different certificate.

2) AMQP supports basic authentication (username/password); just create different users for every client. The problem is that, in contrast to SSL, traffic is unencrypted, so you'll only get authentication.

3) Use what JP described. It's feasible, but it requires you to figure out an authentication scheme. It depends on how you design your application, and whether it requests credentials.

Keep in mind that AMQP should not be exposed to the internet directly unless you add permissions to the AMQP resources. RabbitMQ recently introduced support for access control in the 1.6.0 release:

http://www.rabbitmq.com/admin-guide.html#access-control

> One suggestion by JP Calderone in the #twisted channel on freenode is
> to use onioning, e.g. encrypt the *Thrift* message with GPG or SSL or
> whatever and then not care about the AMQP part being unencrypted. I'm
> not sure how this would work with txThrift, but Twisted's SSL
> implementation apparently has recently (in the last few days) acquired
> memory bios support, so this is _technically_ feasible.

I think you cannot plug SSL between AMQP and Thrift, since Thrift sits on top of AMQP, and the latter on top of TCP. The only place where you could add SSL is in between TCP and AMQP.

Cheers.
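As an added illustration of option 1 above (not part of this thread), here is how an stunnel wrapper on each end would be configured so that the broker only accepts AMQP connections from clients presenting a certificate signed by your own client CA. The certificate/key paths, the hostname broker.example.com and the port numbers are assumptions.

```ini
; ---- broker host: /etc/stunnel/stunnel.conf (assumed path) ----
; Terminates SSL in front of RabbitMQ, which is assumed to listen
; in the clear on 127.0.0.1:5672 only.
cert = /etc/stunnel/broker.pem
key = /etc/stunnel/broker.key
; CA that issued the per-client certificates (assumed path)
CAfile = /etc/stunnel/client-ca.pem
; level 2: the peer MUST present a certificate and it MUST chain to CAfile;
; levels 0/1 would let a client in without a valid certificate
verify = 2

[amqp-ssl]
accept = 5671
connect = 127.0.0.1:5672

; ---- each client host: /etc/stunnel/stunnel.conf (assumed path) ----
client = yes
; one certificate per client, so the broker can tell them apart
cert = /etc/stunnel/client-42.pem
key = /etc/stunnel/client-42.key
; CA that issued the broker certificate, so the client also checks the server
CAfile = /etc/stunnel/broker-ca.pem
verify = 2

[amqp-ssl]
; txAMQP connects here, unencrypted, on loopback only
accept = 127.0.0.1:5672
connect = broker.example.com:5671
```

The unencrypted hop between txAMQP and stunnel stays on the loopback interface of each host, so nothing AMQP leaves a machine in the clear; because the client certificate is what identifies a client, issue and revoke them one per client.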
