You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by andi welchlin <an...@gmail.com> on 2017/11/21 16:48:27 UTC
Are senders anonymous using AMQP 1.0 through a broker?
Hello all,
I was asking myself if the messages which go through QPID brokers are
anonymous so that you can not find out who the sender was.
I speak about AMQP 1.0.
First Case (one broker):
If a producer sends a message to a QPID broker and a consumer is receiving
it. Is it possible for the consumer to see who the publisher of the message
was? Any ip-address or something like this? Are there any sender specific
application properties?
Second Case (broker federation):
If there was a federation of two brokers: Would a consumer of a message on
the second broker be able to see that the message came through the first
broker?
Kind Regards,
Andreas
Re: Are senders anonymous using AMQP 1.0 through a broker?
Posted by Jakub Scholz <ja...@scholz.cz>.
In that case it depends mainly on your clients which are sending the
messages. The broker doesn't set this field. It only validates it in case
it is set by the client. So depending on your client library there might be
some on/off switch or you might be able to set the user-id property to null
etc. For example in Qpid JMS client the setting "jms.populateJMSXUserID"
should do the trick (switched off by default).
JAkub
On Wed, Nov 22, 2017 at 9:04 AM, andi welchlin <an...@gmail.com>
wrote:
> Hello Jakub,
>
> thank you for your answer.
>
> My use case is the other way around. I would like senders to be anonymous.
> The idea is to communicate via an exchange but it should not be possible -
> even with a network sniffer - to identify the sender.
>
> Kind Regards
> Andreas
>
>
>
> On Tue, Nov 21, 2017 at 6:23 PM, Jakub Scholz <ja...@scholz.cz> wrote:
>
> > AFAIK the AMQP message has a property called user-id. This can be set by
> > the client and the broker would verify that if it is set it contains the
> > user-id of the connected user and not some other user-id. So you can use
> it
> > to identify the sender. However, some clients simply leave it empty (and
> > sometimes it is not trivial to know the identity under which you are
> > connected to the broker). So in some cases the sender would need to set
> it
> > explicitely.
> >
> > I personally always tried to configure the brokers in a way that the
> > messages from different users never crossed their path - they always used
> > different queues, exchanges etc. Thanks to that I was able to identify
> the
> > sender of the message for example based on the queue from which my
> received
> > got the message. But this trick can be used only in some scenarios.
> >
> > I never used federation, so I cannot help with the second case.
> >
> > What is your use case for knowing the sender user id? Do you need it for
> > some security purposes?
> >
> > Jakub
> >
> > On Tue, Nov 21, 2017 at 5:48 PM, andi welchlin <an...@gmail.com>
> > wrote:
> >
> > > Hello all,
> > >
> > > I was asking myself if the messages which go through QPID brokers are
> > > anonymous so that you can not find out who the sender was.
> > >
> > > I speak about AMQP 1.0.
> > >
> > > First Case (one broker):
> > > If a producer sends a message to a QPID broker and a consumer is
> > receiving
> > > it. Is it possible for the consumer to see who the publisher of the
> > message
> > > was? Any ip-address or something like this? Are there any sender
> specific
> > > application properties?
> > >
> > > Second Case (broker federation):
> > > If there was a federation of two brokers: Would a consumer of a message
> > on
> > > the second broker be able to see that the message came through the
> first
> > > broker?
> > >
> > > Kind Regards,
> > > Andreas
> > >
> >
>
Re: Are senders anonymous using AMQP 1.0 through a broker?
Posted by andi welchlin <an...@gmail.com>.
Hello Jakub,
thank you for your answer.
My use case is the other way around. I would like senders to be anonymous.
The idea is to communicate via an exchange but it should not be possible -
even with a network sniffer - to identify the sender.
Kind Regards
Andreas
On Tue, Nov 21, 2017 at 6:23 PM, Jakub Scholz <ja...@scholz.cz> wrote:
> AFAIK the AMQP message has a property called user-id. This can be set by
> the client and the broker would verify that if it is set it contains the
> user-id of the connected user and not some other user-id. So you can use it
> to identify the sender. However, some clients simply leave it empty (and
> sometimes it is not trivial to know the identity under which you are
> connected to the broker). So in some cases the sender would need to set it
> explicitely.
>
> I personally always tried to configure the brokers in a way that the
> messages from different users never crossed their path - they always used
> different queues, exchanges etc. Thanks to that I was able to identify the
> sender of the message for example based on the queue from which my received
> got the message. But this trick can be used only in some scenarios.
>
> I never used federation, so I cannot help with the second case.
>
> What is your use case for knowing the sender user id? Do you need it for
> some security purposes?
>
> Jakub
>
> On Tue, Nov 21, 2017 at 5:48 PM, andi welchlin <an...@gmail.com>
> wrote:
>
> > Hello all,
> >
> > I was asking myself if the messages which go through QPID brokers are
> > anonymous so that you can not find out who the sender was.
> >
> > I speak about AMQP 1.0.
> >
> > First Case (one broker):
> > If a producer sends a message to a QPID broker and a consumer is
> receiving
> > it. Is it possible for the consumer to see who the publisher of the
> message
> > was? Any ip-address or something like this? Are there any sender specific
> > application properties?
> >
> > Second Case (broker federation):
> > If there was a federation of two brokers: Would a consumer of a message
> on
> > the second broker be able to see that the message came through the first
> > broker?
> >
> > Kind Regards,
> > Andreas
> >
>
Re: Are senders anonymous using AMQP 1.0 through a broker?
Posted by Jakub Scholz <ja...@scholz.cz>.
AFAIK the AMQP message has a property called user-id. This can be set by
the client and the broker would verify that if it is set it contains the
user-id of the connected user and not some other user-id. So you can use it
to identify the sender. However, some clients simply leave it empty (and
sometimes it is not trivial to know the identity under which you are
connected to the broker). So in some cases the sender would need to set it
explicitely.
I personally always tried to configure the brokers in a way that the
messages from different users never crossed their path - they always used
different queues, exchanges etc. Thanks to that I was able to identify the
sender of the message for example based on the queue from which my received
got the message. But this trick can be used only in some scenarios.
I never used federation, so I cannot help with the second case.
What is your use case for knowing the sender user id? Do you need it for
some security purposes?
Jakub
On Tue, Nov 21, 2017 at 5:48 PM, andi welchlin <an...@gmail.com>
wrote:
> Hello all,
>
> I was asking myself if the messages which go through QPID brokers are
> anonymous so that you can not find out who the sender was.
>
> I speak about AMQP 1.0.
>
> First Case (one broker):
> If a producer sends a message to a QPID broker and a consumer is receiving
> it. Is it possible for the consumer to see who the publisher of the message
> was? Any ip-address or something like this? Are there any sender specific
> application properties?
>
> Second Case (broker federation):
> If there was a federation of two brokers: Would a consumer of a message on
> the second broker be able to see that the message came through the first
> broker?
>
> Kind Regards,
> Andreas
>