-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not able to deny subscription to topic "#" #1387
Comments
Once you start using ACLs then anything that doesn't match an ACL is denied. Your users could subscribe to |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello.
I wanted to use Mosquitto to create a multi-user an online application where users can modify data "live" together, similar to Google Docs.
Basically, a lobby system would generate a UUID as a topic name, and the authorized clients should connect to said topic to exchange events.
The problem is that any non-authorized client could just subscribe to "#", and thus get all messages and read all topic names, and subsequently send malicious data to all topics.
I've looked through the ACL and Mosquitto config, but have not been able to find an answer:
Is there any way I can allow subscription to specific topics (in this case UUIDs), but disallow subscription to wildcards in general?
Thank you and have a nice day,
Alexander Dahmen
The text was updated successfully, but these errors were encountered: