a On Sun, Oct 21, 2012 at 7:57 AM, Merijn Verstraaten <[email protected]>wrote:
> Hello again! > > Yesterday I sent an email about doing authenticated PUBSUB by having a > server side thread per client, however, after some thinking I realised > there are more issues with using ZMQ on the internet and some more in-depth > fixing might be desirable. > > The issue with using ZMQ on the internet (or any untrusted network, > really) is that anyone can just download the library and connect all sorts > of untrusted code to your infrastructure that can mess with it in all sorts > of undesirable ways. Some specific issues: As well as the normal IP level filtering/firewalling, there is currently the flexibility to specify TCP accept parameters, with the sockopt ZMQ_TCP_ACCEPT_FILTER. That gives you some broad filtering of who can connect, which would be good enough for many situations. For your case (a connected, valid client starts doing Bad Things) I would say for PUB/SUB there is only a HWM controllable risk, but for ROUTER there would be value in being able to kick off a certain identity. That said, just inspecting and dropping bad messages would probably work as well. I would definitely try and nail down more precisely the kind of scenario you're concerned about, and work out the most minimal change that could resolve it. Be aware that TCP is just one of the transports, and for core library features we should be looking for as wide support as we can reasonably achieve (so I should be able to handle a bad client over IPC etc.). The bad person snooping problem I would handle over the top of ZeroMQ rather than trying to solve at that layer - it's much easier (and generally more pleasant) to separate message delivery from distribution using a bit of crypto. Ian
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
