[zeromq-dev] security model recommendation

Ilya Dmitrichenko errordeveloper at gmail.com
Thu Sep 8 02:34:23 CEST 2011


On 8 September 2011 00:56, Pieter Hintjens <ph at imatix.com> wrote:
> You can already use iptables to whitelist trusted peers, and block all others.

And you can implement a simple authentication scheme: each time the client
application runs, it first connects to your server and authenticates via HTTPS,
and then if it's all good the FW allows their IP. Then you can develop a custom
monitoring application or something of that nature which would kill the peer if
it misbehaves :)

This is quite a basic idea, don't take my word for it please.

Also, if your server is hosted on a well-managed network, these sorts of things
would be detected by the administrators, using netflow monitoring for example.

Well, not to make this too complicated - it all depends on what exactly you
want to use zmq for.

I don't think there is a need for these things to be handled in the library
really, maybe some generic hints can be added in the FAQ section.


Cheers,
-- 
llya
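
The scheme described in the message above, as an added example that is not part of the original post: peers are allowlisted in iptables only after the HTTPS login succeeds, entries expire, and a monitoring hook can revoke a misbehaving peer. The port 5555, the chain name `ZMQ_PEERS`, the TTL and the `PeerAllowlist` class are assumptions made for illustration; commands are returned as argv lists rather than executed, so the block runs without root.

```python
import ipaddress
import time

ZMQ_PORT = 5555      # assumed port of the ZeroMQ endpoint
CHAIN = "ZMQ_PEERS"  # hypothetical chain; INPUT jumps to it, then drops the port


class PeerAllowlist:
    """Tracks peers that passed HTTPS authentication and emits iptables argv lists."""

    def __init__(self, ttl=3600, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self.expiry = {}  # IPv4 string -> time at which the allowance lapses

    def _rule(self, action, ip):
        # argv list (never a shell string), so the address cannot inject options
        return ["iptables", action, CHAIN, "-s", ip, "-p", "tcp",
                "--dport", str(ZMQ_PORT), "-j", "ACCEPT"]

    def allow(self, ip):
        """Call only after the HTTPS login succeeded. Returns commands to run."""
        ip = str(ipaddress.IPv4Address(ip))  # rejects hostnames, CIDR, junk
        is_new = ip not in self.expiry
        self.expiry[ip] = self.clock() + self.ttl  # re-login refreshes the TTL
        return [self._rule("-A", ip)] if is_new else []

    def revoke(self, ip):
        """Monitoring hook: remove the rule for a misbehaving peer."""
        if self.expiry.pop(ip, None) is None:
            return []  # unknown peer, nothing to delete
        return [self._rule("-D", ip)]

    def expire(self):
        """Revoke every peer whose allowance has lapsed."""
        now = self.clock()
        stale = [ip for ip, t in self.expiry.items() if t <= now]
        return [cmd for ip in stale for cmd in self.revoke(ip)]
```

Deleting the rule cuts off an already-connected peer only if no earlier rule accepts ESTABLISHED traffic for that port. A source-address rule also admits every host behind the same NAT address as the authenticated client.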


