B4J Question MQTT Username & Password

aaronk

Well-Known Member
Licensed User
Longtime User
Hi,

I am trying to make my MQTT server more secure by making it ask for a username and password to send messages.

I understand that you can use code like the following to make it ask for a username and password as soon as B4A, B4i & B4J clients connect:

B4X:
mo.Initialize("user","pass")

However, that username and password will be used by all clients, and I can't control which username has logged in, etc.

Is there a way to make it ask for user/pass when sending or subscribing to a topic?

If I was to modify the CreateMessage sub like:

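B4X:
Type Message (Body As String, From As String, User As String, Pass As String)

' Builds the message and returns it as bytes for publishing.
' Assumes serializator is a B4XSerializator declared in Process_Globals.
Private Sub CreateMessage(Body As String) As Byte()
	Dim m As Message
	m.Initialize
	m.Body = Body
	m.From = currentname
	m.User = "username"
	m.Pass = "password"
	Return serializator.ConvertObjectToBytes(m)
End Sub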

Then when the incoming message is received at the B4J end, receive the user/pass string from the message and check my database to see if the username and password is in the database before processing this message on my server.

Is that the best way of doing this, or is there a more secure way of doing it?
 

udg

Expert
Licensed User
Longtime User
> However, that username and password will be used by all clients and can't control which username has logged in etc.

Why are the credentials supposed to be unique among many users? I did experiment with the cloudmqtt service and set up a few users, each with its own credentials.

Edit: btw, Erel's chat room example should show how to manage a multi-user setup (not tried yet personally but reading the doc that was my understanding).

udg
 

aaronk

> Why the credentials are supposed to be unique among many users?

I only want some users to be able to send to some topics. For example, User1 might only be able to send to Topic1, whereas User2 might be able to send to a different topic.

By using a username and password I was hoping to limit the user on which topics they can send messages to, plus want to limit who can send messages. I don't want just anyone using my MQTT-broker to send messages without me knowing. I plan on using a user/pass to connect to my MQTT but then also want to use a user/pass to subscribe and send messages.

> Edit: btw, Erel's chat room example should show how to manage a multi-user setup (not tried yet personally but reading the doc that was my understanding).

That is what I have been looking at while learning how MQTT works.
 

udg

> I only want some users to be able to send to some topics.

Wasn't that solved by Erel's post #2 in your "Connection ad Messages" thread? Each user subscribes only to the topics he should work with; you could have a "shared" topic to exchange info among all the users and many "private" topics each for a single user.

BTW, in a different thread you asked about read-only permission. I don't know if it's exposed by jBroker, but CloudMQTT lets you set read and write permissions for each user on each topic.

> ..but then also want to use a user/pass to subscribe and send messages.

Here again my experience is limited to the service offered by CloudMQTT. What I did was to set up a few users, each with its own credentials, and activate for each as many topics as I needed (for each topic I could set read/write permissions). What I found was that I had to use not the credentials given when I started the free service subscription but the ones I set for each user.
So, maybe, with JBroker you are expected to do the same: set up a new user, give him his own credentials and subscribe to shared and private topics.

I am sure others with direct experience on jBroker will better explain how to do it. I'd just like to tell you that what you planned is doable.

udg
 

aaronk

Thanks for your feedback and suggestions.

Think of it this way..

My phone connects to my MQTT broker and subscribes to the topic 'test' and I send messages.

Then you come along with your phone and connect and then subscribe to the topic 'test'. How do I then stop you from sending messages to this topic? If you were to log in with your user/pass then I could limit you from subscribing in the first place.

As I am only still learning MQTT, the easiest way is to play and test and see what is possible and what isn't possible.
 

udg

I am learning and experimenting too..:)

If you can't use the broker to set individual accounts, maybe you could establish a middle-layer which any phone authenticates to, receives a list of authorized topics (along with read/write permission) and sends a message to be connected to the broker. This way, if you have only one set of credentials to the broker, they stay in the middle-layer, not on the phone.
So all the phones will communicate with the mid-layer which in turn will let pass only "valid" messages to the broker.

My suggestion is to wait until someone more knowledgeable about jbroker comments on its features and limits. I never used it.
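
The middle-layer idea from the last post, sketched as an added example that is not part of the thread and not jBroker or B4X code: a gatekeeper authenticates each user and applies a per-user, per-topic read/write list before anything is forwarded to the broker. The class, function and account names are hypothetical, and the accounts are constructed sample data.

```python
import hashlib, hmac, os

def hash_password(password: str, salt: bytes) -> bytes:
    # Keep only a salted PBKDF2 hash; the clear-text password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def topic_matches(topic_filter: str, topic: str) -> bool:
    """MQTT filter match: '+' = exactly one level, '#' = all remaining levels.
    Simplification: '$'-prefixed system topics are not special-cased."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1      # '#' is only valid as last level
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

class Gatekeeper:
    """Hypothetical middle layer: clients talk to it, it talks to the broker."""
    def __init__(self):
        self.users = {}                        # name -> (salt, hash, acl)

    def add_user(self, name, password, acl):
        salt = os.urandom(16)
        self.users[name] = (salt, hash_password(password, salt), acl)

    def authenticate(self, name, password) -> bool:
        salt, stored, _ = self.users.get(name, (b"\0" * 16, b"", []))
        candidate = hash_password(password, salt)   # same work for unknown users
        return hmac.compare_digest(candidate, stored)

    def allowed(self, name, action, topic) -> bool:
        """action: 'write' (publish) or 'read' (subscribe). Default is deny.
        Requests must name a concrete topic; wildcards live only in the ACL."""
        if name not in self.users or "+" in topic or "#" in topic:
            return False
        return any(action in perms and topic_matches(flt, topic)
                   for flt, perms in self.users[name][2])

    def authorize(self, name, password, action, topic) -> bool:
        return self.authenticate(name, password) and self.allowed(name, action, topic)

def build_demo() -> Gatekeeper:
    gk = Gatekeeper()                          # constructed sample accounts
    gk.add_user("user1", "pw-one", [("test", {"read", "write"})])
    gk.add_user("user2", "pw-two", [("test", {"read"}),
                                    ("private/user2/#", {"read", "write"})])
    return gk
```

With these sample accounts, the second phone can subscribe to 'test' but a publish from it is refused, which is the case raised earlier in the thread.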
 