You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Oct 28, 2022. It is now read-only.
Currently we are sending the messages and any other data via gRPC unsecured channels. This is not supposed to be used in production as it will make applications that use simplemq insecure.
Justification
simplemq was built to run in production. gRPC uses HTTP/2 which requires encryption of the data. For simplemq to be considered usable for serious production applications, it should be secured by default.
Notes
A quick perusal of the gRPC documentation on authentication shows that we need to use 'SSL/TLS' always for the server. Clients might also authenticate themselves if they have need but for now we can leave that as a future enhancement.
Credentials are of two types:
Channel Credentials [one set of credentials per channel]
Call credentials [one set of credentials per call. These would have to be sent everytime a message is sent. This is expected to be slower and probably more complicated. Thus it would not be a good alternative for simplemq.
Problem Statement
Currently we are sending the messages and any other data via gRPC unsecured channels. This is not supposed to be used in production as it will make applications that use simplemq insecure.
Justification
simplemq was built to run in production. gRPC uses HTTP/2 which requires encryption of the data. For simplemq to be considered usable for serious production applications, it should be secured by default.
Notes
A quick perusal of the gRPC documentation on authentication shows that we need to use 'SSL/TLS' always for the server. Clients might also authenticate themselves if they have need but for now we can leave that as a future enhancement.
Credentials are of two types: