Blog de Joe Freeman

The best approach for protecting data in message queues and data streams is to not put any sensitive data in the message. Some systems use a claim check  model where the messages contain just resource identifiers that can be used passed to the originating system to retrieve the data. The  Claim check approach   creates tighter coupling between the producer and consumers. It puts an additional burden on the producer to be able to cough up the data associated for the claim for some period of time.  Some systems sometimes have to create caching architectures to store the claims for retrieval adding additional complexity to the producer.  Data / payload encryption is an alternative approach that can be used to protect data stored in messaging systems or on disk. Sensitive data is encrypted and put into the message payload.  Producers and consumers only need share access to encryption or decryption keys. This is easy in cloud environments which have services b...

RabbitMQ is one of the many caching and messaging tools that uses local disk persistent storage or as a backing store for in memory data.  These systems normally put data to disk in some format that is optimized for speed and not for security. Ex: RabbitMQ, ActiveMQ, Coherence, Gemfire, MongoDB. This can cause issues when trying to comply with policies around protecting Personally Identifiable Information  , making systems Payment Card Industry Data Security Standard (PCI DSS) compliant or when implementing S/Ox controls. RabbitMQ Installation We assume that you are running RabbitMQ under the local system account.  Users who run RabbitMQ under different accounts or in different locations must change certain commands or settings.  The RabbitMQ team has a good set of documentation on their web site. Windows installation instructions:  https://www.rabbitmq.com/install-windows.html Windows quirks:  https://www.rabbitmq.com/windows-quirks.ht...

This post describes message routing inside an application. It does not describe message routing across message brokers or across systems. Message driven, or push based notification, systems stream Messages from message sources to interested parties ( Observers) .  There are often multiple message types  routed to multiple observers.  Message types are represented in code as Message interfaces/classes. Message Observers are often interested in some subset of the messages and implement some type of interface or registration scheme that tells the message routing module which message types they are interested in. Scenarios One use case for this is a User Interface that streams UI events (M essages ) from various components to event handlers (O bservers ).  The message sources create messages specific to that event type. The event handlers may receive and process messages of one or more types. Another use case might be some type of IoT device like an IOIO that c...

Note: This is a quick off-the-cuff blog so I don't lose my installation notes. I created a Microsoft Virtual Lab  on my Mac to learn and develop against.  Now I want to add Message Bus for Windows Server to that environment.  The message bus requires SQL Server, for queue persistence. I'll use SQL Server instance / VM I've already installed.  The message bus runs in a cluster configuration with from 1-3 message bus machines. I'll use a single node because I'm learning/devloping and not performance testing it. Message Bus and SQL Server VMs will all be part of my virtual lab's AD domain, virtdev.freemansoft.com. You don't have to use Active Directory but it makes configuration simpler.  My Windows 7 development machine is not part of the virtual lab domain so we will have some configuration to do to give that client access. Quick Service Bus Overview The message bus provides a simple way of implementing asynchronous message passing between diffe...