I've got everything setup and working for MQTT now. I am using the IBM wmqtt.jar and the Mosquitto broker..
My Java Servlet creates an MQTTConnection to the broker and publishes under the topic "AndroidDeviceID/myAppName" ..
The Android client subscribes to that same topic...
It seems to me that if anyone knew the device name of my user, they could create a simple android app and subscribe to that topic on my MQTT broker. Then they get all the notifications (in this case instant messaging messages) from my users..
How is this properly avoided?
Q- Can I get list of all topics on a broker? A- Not unless you subscribe to all topics and scan them.
Can MQTT subscribe to multiple topics? Yes. You can use MQTT wildcards to subscribe to multiple topics simultaneously.
If that strictly follows the MQTT spec we are talking about 7^65536 possible topics (as explained here ), but for smaller brokers / clients (for example embedded stuff) the maximum topic length can be a lot smaller than 65536 bytes.
Mosquitto provides security through username and password authentication as well as limiting access to topics with access control lists. There are details in the mosquitto.conf man page: http://mosquitto.org/man/mosquitto-conf-5.html
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With