Comments (3)
- The auth subsystem is designed to be flexible. The main idea is that each listener may have its own auth list and its order. Generally, if two different auth backends can authenticate the same user with different credentials, it's a security pothole. Such a case shall not be considered.
If you have a user with rights to subscribe/publish to any topic (for example using simpleAuth), this user shall have a good password, and other auth backends with this listener must not have the user with the same name.
Regarding storing a reference to the auth backend: I'm not sure it is a good idea, though it provides the right use case as you mentioned. I'll give this problem a little think.
- if e := s.permissions.ACL(s.id, "", pkt.Topic(), vlauth.AccessWrite); e != vlauth.StatusAllow
That's a bug. The user should be in there.
from volantmq.
Hi @troian I tried to fix it here #169. Let me know your opinion.
Also because of this -
Lines 38 to 40 in 99c21c3
Simple auth is always allowing by default. I think we'll have to do something if we want to block a user from pub/sub to any topic.
Also this caught my attention -
volantmq/connection/connection.go
Lines 925 to 930 in f15e5d9
This explains why my message passed through even if I set the default of simpleAuth to StatusDeny. The message I was publishing was with QoS 0.
Shall I go ahead and try to fix this?
from volantmq.
Yes, that's why it is called simpleAuth. It is intended to do user/password authentication, not pub/sub. So there is nothing to do with it. Pub/sub filtering is up to more complex auth backends.
The issue you mention is fixed in PR #168.
from volantmq.
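As an added example (not VolantMQ's code; `Backend`, `Authenticate` and `DuplicateUsers` are hypothetical names and the users are constructed), the following shows why a username present in two backends of one listener is a risk, and an ACL check that takes the session's username and denies an empty one:

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Backend is a hypothetical stand-in for one auth backend; not VolantMQ's API.
type Backend struct {
	Users map[string]string // username -> password (constructed sample data)
	Write map[string]string // username -> topic prefix the user may publish to
}

// ACL denies unless the named user has a matching rule; "" matches no rule.
func (b Backend) ACL(user, topic string) bool {
	prefix, ok := b.Write[user]
	return ok && strings.HasPrefix(topic, prefix)
}

// Authenticate returns the index of the first accepting backend, or -1.
func Authenticate(chain []Backend, user, pass string) int {
	for i, b := range chain {
		if p, ok := b.Users[user]; ok && p == pass {
			return i
		}
	}
	return -1
}

// DuplicateUsers lists usernames that more than one backend can authenticate.
func DuplicateUsers(chain []Backend) []string {
	count, dups := map[string]int{}, []string{}
	for _, b := range chain {
		for u := range b.Users {
			if count[u]++; count[u] == 2 {
				dups = append(dups, u)
			}
		}
	}
	sort.Strings(dups)
	return dups
}

func main() {
	simple := Backend{map[string]string{"admin": "long-random-pw"}, map[string]string{"admin": ""}}
	db := Backend{map[string]string{"admin": "1234", "sensor": "s3"}, map[string]string{"sensor": "sensors/"}}
	c := []Backend{simple, db} // "admin" exists in both backends with different passwords
	fmt.Println(DuplicateUsers(c), Authenticate(c, "admin", "1234"), simple.ACL("admin", "a/b"), db.ACL("admin", "a/b"))
}
```

The weak `admin` password is accepted by the second backend, so evaluating the ACL in the first backend would grant it publish rights to any topic, while the backend that actually authenticated the session denies it.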