0
votes

Sorry if this might be a newbie question for MQTT.

Is it possible to limit clients of an MQTT message broker, so that they can subscribe only to a topic, but not publish on the same topic for security reasons?

3
Which broker are you using? - hardillb
I have used the MQTT community plugin for RabbitMQ because I had RabbitMQ already running. Seems like the other MQTT brokers have more options available. Not very happy to introduce "another broker" - Mandragor

3 Answers

0
votes

Yes.

Mosquitto's ACL scheme supports 3 modes for topics: read/write/readwrite, which would give you what you want.

You can find details in the mosquitto.conf man page.
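
An added example, not part of the original answer: a Mosquitto configuration fragment and ACL file that give one client subscribe-only access to a topic tree. The user names `dashboard` and `sensor01`, the `sensors/` topic tree and the file paths are assumptions chosen for illustration.

```conf
# ---- mosquitto.conf (fragment) ----
# Comments must be on their own line; Mosquitto does not accept
# trailing comments after a setting.

# Require every client to authenticate so ACL entries can be tied
# to a user name.
allow_anonymous false

# Assumed paths; adjust to your installation.
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl


# ---- /etc/mosquitto/acl ----
# Once acl_file is set, only topics listed here are accessible.

# Subscribe-only client: "read" lets it receive messages on
# sensors/#, and no "write" entry exists, so its PUBLISH packets
# on these topics are not accepted.
user dashboard
topic read sensors/#

# Publishing device: "write" lets it publish under its own subtree
# only, and it cannot read other devices' data.
user sensor01
topic write sensors/sensor01/#

# Weak setting to avoid for the subscriber, shown commented out:
# readwrite would let the dashboard inject messages into sensors/#.
# user dashboard
# topic readwrite sensors/#
```

After editing the ACL file, reload the broker configuration and verify with a test client that a publish from the subscribe-only account does not reach other subscribers.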

0
votes

Yes, that is totally possible, but depending on the MQTT broker.

You can learn more about authorization in MQTT in general and how it works in HiveMQ here: http://www.hivemq.com/blog/mqtt-security-fundamentals-authorization/

Hope that helps, Christian

Disclaimer: I'm involved with dc-square, the company which is developing HiveMQ.

0
votes

You could use an F5 BIG-IP to filter out the MQTT Publish messages from clients that are not on a "white list" before sending them down to your MQTT Brokers. I've done something similar to this where I only allowed in certain MQTT Topics and dropped the rest -- for security reasons.