[zeromq-dev] Authentication and filtering

Dmitriy Vsekhvalnov dvsekhvalnov at gmail.com
Sat Dec 28 17:48:04 CET 2013


Bruno, can you extend your thought. How can i track identity or peer?


On Sat, Dec 28, 2013 at 7:38 PM, Bruno D. Rodrigues <
bruno.rodrigues at litux.org> wrote:

> Use the identity for routing and a first message from your own for
> authentication. Now if the auth fails, I have no idea how to “disconnect”
> that peer :( but you can keep your own hash and never reply back to such
> peer.
>
> On Dec 28, 2013, at 15:17, Dmitriy Vsekhvalnov <dvsekhvalnov at gmail.com>
> wrote:
>
> Hi Pieter, well that's what i'm concerned about. Events (tasks) contains
> sensitive information and they shouldn't be routed to workers which are not
> authorized to view it.
>
> If worker (maliciously or by mistake) specify empty filter "" - it will
> get all messages, right?
>
> But i'm looking for authentication + filtering based on authenticated
> identity. I don't know, like maintaining hash map of authenticated workers.
>
>
> On Sat, Dec 28, 2013 at 11:49 AM, Pieter Hintjens <ph at imatix.com> wrote:
>
>> On Sat, Dec 28, 2013 at 7:57 AM, Dmitriy Vsekhvalnov
>> <dvsekhvalnov at gmail.com> wrote:
>> > I probably didn't specify my concerns about filtering clear enough. If
>> > filter set to empty - sub will receive all events? That's not
>> acceptable,
>> > workers should never receive events that are not dedicated to it.
>> >
>> > Also I don't think pub/sub will work, because pub broadcasts messages
>> to all
>> > subs. And again this is not what we need, event should be processed not
>> more
>> > than once.
>>
>> You should perhaps start by reading the Guide and learning the basics.
>> Pub-sub uses a prefix match. If you make no subscriptions, you get
>> nothing. If you subscribe to "A" you get all messages starting with
>> "A". If you subscribe to "", you get all messages.
>>
>> -Pieter
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20131228/2923b11d/attachment.htm>


More information about the zeromq-dev mailing list