Alpay

Reputation: 1368

RabbitMQ MQTT over Websockets security concern

My question is about MQTT support of RabbitMQ. After enabling the required plugins, RabbitMQ supports both MQTT and MQTT over Websockets. For server-side connections, MQTT user/pass authentication is OK, because it works under the hood and we are able to secure these credentials with enterprise-wide tools. However, when it comes to utilizing Websockets support and creating connections from frontend JavaScript, we need to include the username/password in our frontend. It would be as easy as opening up the developer console of a browser to get these credentials.

What is the best practice for securing these connections? What alternatives do we have here? Any help would be greatly appreciated.

Upvotes: 0

Views: 180

Answers (1)

hardillb

Reputation: 59608

Generate short-lived credentials for each session and load them as a REST request over HTTPS, combined with tight ACLs that only allow access to the topics needed for the web app.

Upvotes: 2
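The flow described in the answer above, as an added example that is not part of the original answer or of RabbitMQ: a backend mints a short-lived, HMAC-signed MQTT password with topic-scoped ACLs for an already authenticated web session, and the same backend later verifies it and decides each publish/subscribe. The function names, token format, TTL and rule shape are assumptions, and how the broker is wired to call these checks (for example through an external authentication backend) is assumed and not shown.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

// Assumption: server-side signing key, never sent to the browser.
const SIGNING_KEY = randomBytes(32);
const TTL_SECONDS = 300; // constructed value: credentials live 5 minutes

const b64u = (data) => Buffer.from(data).toString("base64url");
const sign = (payload) => createHmac("sha256", SIGNING_KEY).update(payload).digest();

// Called by the HTTPS REST endpoint once the user's web session is authenticated.
// topics: [{ filter: "app/42/#", ops: ["read"] }], the only topics this web app needs.
function issueCredentials(sessionUser, topics, now = Date.now()) {
  const claims = { sub: sessionUser, exp: Math.floor(now / 1000) + TTL_SECONDS, topics };
  const payload = b64u(JSON.stringify(claims));
  return { username: sessionUser, password: `${payload}.${b64u(sign(payload))}` };
}

// Returns the signed claims if the password is authentic, unexpired and
// bound to this username; otherwise null.
function verifyCredentials(username, password, now = Date.now()) {
  const [payload, mac, extra] = String(password).split(".");
  if (!payload || !mac || extra !== undefined) return null;
  const expected = sign(payload);
  const given = Buffer.from(mac, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (claims.sub !== username || claims.exp <= Math.floor(now / 1000)) return null;
  return claims;
}

// MQTT filter match: '+' covers one level, a trailing '#' covers the rest.
// A requested '#' is only accepted where the ACL filter itself has '#',
// so a client cannot subscribe more broadly than its rule allows.
function topicMatches(filter, topic) {
  const f = filter.split("/"), t = topic.split("/");
  for (let i = 0; i < f.length; i++) {
    if (f[i] === "#") return i === f.length - 1;
    if (i >= t.length || t[i] === "#") return false;
    if (f[i] !== "+" && f[i] !== t[i]) return false;
  }
  return f.length === t.length;
}

// ACL decision for one operation: "read" = subscribe, "write" = publish.
function authorize(claims, op, topic) {
  return claims.topics.some((r) => r.ops.includes(op) && topicMatches(r.filter, topic));
}
```

A credential copied from the developer console is then usable only until `exp` and only on the topics listed in its signed claims.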
