MQTT Security - how to prevent abusers subscribing to topics?

android mqtt
Daniel Guillamot picture Daniel Guillamot · Apr 7, 2012 · Viewed 21.9k times · Source

I've got everything setup and working for MQTT now. I am using the IBM wmqtt.jar and the Mosquitto broker..

My Java Servlet creates an MQTTConnection to the broker and publishes under the topic "AndroidDeviceID/myAppName" ..

The Android client subscribes to that same topic...

It seems to me that if anyone knew the device name of my user, they could create a simple android app and subscribe to that topic on my MQTT broker. Then they get all the notifications (in this case instant messaging messages) from my users..

How is this properly avoided?

Answer

ralight picture ralight · Apr 7, 2012

Mosquitto provides security through username and password authentication as well as limiting access to topics with access control lists. There are details in the mosquitto.conf man page: http://mosquitto.org/man/mosquitto-conf-5.html

Related questions

C# client library for subscribing/publishing MQTT (Really Small Message Broker)

I need to implement the push notification for Android but there will not be internet access and only intranet access is available. So I think I cannot use C2DM and third party API like UrbanAirship. So I am thinking …

Read More
Basic Steps for Using MQTT in android

I am new to Android and want to use MQTT as push notifier for Android from Server. i have read about MQTT but does not understand well. if any one has used this library so plz tell me what i …

Read More
MQTT vs. XMPP Which Should I Choose?

Overview I am sending messages back and forth between a client (Android phone) and a Server (Windows Server). Using a persistent connection over TCP, which protocol would be the best solution. I am looking at performance, scalability, size of messages, …

Read More