Is RabbitMQ secure for public access by untrusted clients

rabbitmq

I'm working on a project that will have untrusted clients (potentially 1000s) all in contact with a central server. The message traffic will be low, and each client will be invisible to each other (in other words, they should be unable to talk to each other or spy on each other's channels).

RabbitMQ seems like a potential great fit here. It would serve as the intermediary between my application and the clients. The clients would connect directly to RMQ, each with their own separate queue, and RMQ would broker the messages between the clients and my server.

So my question: Assuming I set everything up (mostly) right (authentication, each client is a separate user, permissions on queues, etc.), is RabbitMQ secure for this kind of public-facing application? Does anyone have any examples of a similar setup in the wild?

As an illustrative example, nginx and sshd are designed to be public-facing, while something like MongoDB really isn't. Even if I set up individual usernames and passwords on Mongo and set permissions on individual collections, I'd be uneasy with letting untrusted clients connect to it directly.

Best Answer

Rogue clients can still break a RabbitMQ cluster (server) even if you set all your permissions correctly. This can happen when clients open a lot of connections.

It's recommended to use some sort of load balancer (e.g. HAProxy) to protect the cluster from such attacks.
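One way to apply the answer's suggestion, as an added example that is not from the original thread: an HAProxy TCP frontend in front of the AMQP port that tracks each client address in a stick table and rejects sources that hold too many open connections or open them too fast, so a single rogue client cannot exhaust the broker's connection capacity. The node addresses and the limits are placeholders to be tuned for your deployment.

```haproxy
global
    maxconn 20000

defaults
    mode tcp
    timeout connect 5s
    # AMQP connections are long-lived; keep these above the broker heartbeat interval
    timeout client  1h
    timeout server  1h

frontend amqp_public
    bind *:5672
    # Track per-source address: current connection count and connections per minute
    stick-table type ip size 100k expire 10m store conn_cur,conn_rate(60s)
    tcp-request connection track-sc0 src
    # Drop a client that already holds more than 10 open connections (placeholder limit)
    tcp-request connection reject if { sc0_conn_cur gt 10 }
    # Drop a client opening more than 20 connections per minute (placeholder limit)
    tcp-request connection reject if { sc0_conn_rate gt 20 }
    default_backend rabbitmq_nodes

backend rabbitmq_nodes
    balance leastconn
    option tcp-check
    # Placeholder node addresses; per-server maxconn bounds what one node ever receives
    server rmq1 10.0.0.11:5672 check maxconn 5000
    server rmq2 10.0.0.12:5672 check maxconn 5000
```

Recent RabbitMQ releases also support per-user and per-vhost connection caps (`rabbitmqctl set_user_limits` and `set_vhost_limits`), which complement the proxy-level limit by bounding each authenticated identity rather than each source address.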
