Authentication
Let's consider the default setup of a RabbitMQ instance. It comes with a default guest user (with a guest password) known to anyone with basic knowledge of the broker. Moreover, this user has an administrator tag, giving them full access to administer the broker. Even worse, if the RabbitMQ instance port is visible to the outside world, remote commands can be executed on that workstation through the eval command of the rabbitmqctl utility. For this reason, it is advisable (not to say mandatory) to remove the guest user in production deployments. Although the latest versions of RabbitMQ allow only localhost access for the guest user, this still poses a high risk of insider attacks. RabbitMQ stores information about users ...
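A check for the condition described above, as an added example that is not from the book: a shell function that reads the output of rabbitmqctl list_users and fails when the default guest account is still present, while listing every other account that carries the administrator tag. The two sample listings and the user names ops_admin and app_orders are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the book): audit `rabbitmqctl list_users` output.
# Live usage on a broker node:  rabbitmqctl list_users | audit_users
# Remediation for a FAIL line:  rabbitmqctl delete_user guest

# Reads the user listing on stdin (tab-separated: name, [tag,tag,...]).
# Prints findings; returns 1 if the default guest user exists, else 0.
audit_users() {
  awk -F'\t' '
    # Skip the banner, the column header and blank or malformed lines.
    /^Listing users/ || ($1 == "user" && $2 == "tags") || NF < 2 { next }
    {
      tags = $2
      gsub(/\[/, "", tags); gsub(/\]/, "", tags); gsub(/ /, "", tags)
      if ($1 == "guest") {
        print "FAIL default guest user present (tags: " tags ")"
        bad = 1
        next
      }
      # Report remaining full-access accounts so they can be reviewed.
      n = split(tags, t, ",")
      for (i = 1; i <= n; i++)
        if (t[i] == "administrator") print "INFO administrator: " $1
    }
    END { exit bad + 0 }
  '
}

# Constructed sample: a default installation.
SAMPLE_DEFAULT=$(printf 'Listing users ...\nuser\ttags\nguest\t[administrator]\n')

# Constructed sample: guest removed, one named admin, one untagged app user.
SAMPLE_HARDENED=$(printf 'Listing users ...\nuser\ttags\nops_admin\t[administrator]\napp_orders\t[]\n')

# Demonstration on the constructed samples (|| true keeps the demo running
# after the expected failure on the default listing).
printf '%s\n' "$SAMPLE_DEFAULT"  | audit_users || true
printf '%s\n' "$SAMPLE_HARDENED" | audit_users || true
```
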