qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Watte <jwa...@gmail.com>
Subject Re: Sending a message to a non-existent exchange
Date Mon, 18 Jan 2010 17:15:09 GMT
>
> If you are concerned about deliberately mis-behaved clients then
> authentication is the way to go.


I don't understand why. Authentication just means that someone is who they
say they are. It doesn't mean that the "someone" is guaranteed to not
mis-behave. Note that when I say "client," I mean any random customer of my
service across the wider internet, not just a small, tightly-coupled set of
trusted hosts.

Sincerely,

jw


--
Americans might object: there is no way we would sacrifice our living
standards for the benefit of people in the rest of the world. Nevertheless,
whether we get there willingly or not, we shall soon have lower consumption
rates, because our present rates are unsustainable.



On Mon, Jan 18, 2010 at 1:48 AM, Gordon Sim <gsim@redhat.com> wrote:

> On 01/16/2010 05:19 PM, Jon Watte wrote:
>
>> In the case of dynamically adding and removing exchanges, doesn't this
>> mean
>> that there is a race condition between an exchange being removed, and all
>> clients knowing about it?
>>
>
> Yes. If you remove an exchange that clients may be using without any
> coordination with them, they will likely get an exception.
>
>
>  If you required all clients to have to acknowledge an exchanged-removed
>> message on some other queue before you could actually remove the exchange,
>> then wouldn't you open yourself up to denial attacks by mis-behaved
>> clients?
>>
>
> If you are concerned about deliberately mis-behaved clients then
> authentication is the way to go.
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message