
MQTT Security - how to prevent abusers subscribing to topics?

Tags: android, mqtt

I've got everything set up and working for MQTT now. I am using the IBM wmqtt.jar and the Mosquitto broker.

My Java Servlet creates an MQTTConnection to the broker and publishes under the topic "AndroidDeviceID/myAppName".

The Android client subscribes to that same topic...

It seems to me that if anyone knew the device name of my user, they could create a simple Android app and subscribe to that topic on my MQTT broker. Then they get all the notifications (in this case instant messaging messages) from my users.

How is this properly avoided?

Daniel Guillamot asked Apr 07 '12 18:04




1 Answer

Mosquitto provides security through username and password authentication as well as limiting access to topics with access control lists. There are details in the mosquitto.conf man page: http://mosquitto.org/man/mosquitto-conf-5.html

ralight answered Oct 14 '22 02:10
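
A minimal sketch of the configuration the answer points to, applied to the question's `AndroidDeviceID/myAppName` topics. This is an added example, not part of ralight's answer; the file paths, the `servlet` account name and the convention that each device logs in with its device ID as username are assumptions.

```conf
# ---- /etc/mosquitto/mosquitto.conf (path assumed) ----
# Weak setting: with "allow_anonymous true" and no acl_file, any client that
# can reach the broker may subscribe to any topic, including the topics of
# other devices.
allow_anonymous false

# Accounts are created with mosquitto_passwd, for example:
#   mosquitto_passwd -c /etc/mosquitto/passwd servlet
#   mosquitto_passwd /etc/mosquitto/passwd <AndroidDeviceID>
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl

# ---- /etc/mosquitto/acl (path assumed) ----
# Once an acl_file is configured, access that is not granted here is refused.

# The servlet account (name assumed) may publish to any device's topic and
# is given no read access.
user servlet
topic write +/myAppName

# "pattern" lines apply to every user; %u is replaced with the username the
# client authenticated with. A device logged in as "abc123" can read only
# abc123/myAppName, so a "#" or "+/myAppName" subscription delivers nothing
# from other devices.
pattern read %u/myAppName
```

With this layout the device ID is only the username; the per-device password is the secret, and it crosses the network in cleartext unless the listener is configured for TLS.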