vmq_diversityplugin and it therefore needs to be enabled:
%c(client id) which are automatically substituted with the auth data provided.
modifiers. Please note that the modified message isn't re-validated by the ACL.
pgcryptomodule which supports verifying hashed and salted passwords, while Redis has no such features. VerneMQ therefore also provides client-side password verification mechanisms such as
bcryptwhich are designed specifically to be slow (proportional to the number of rounds) in order to make brute-force attacks infeasible, this can become a problem. For example, if verifying a password with
bcrypttakes 0.5 seconds then on a single threaded core 2 verifications/second are possible and using 4 single threaded cores 8 verifications/second. So, the number of rounds/security paramenters have a direct impact on the max number of verifications/second and hence also the maximum arrival rate of new clients per second.
vernemq.conffile for more info about additional options:
pgcryptoextension is required if using the server-side
vmq_diversity.cockroachdb.sslcan be set to
*are no longer considered secure hashes.
PASSWWORDto for password hashing:
srvoption instead of
port. VerneMQ will randomly choose a host/port combination from the seed list returned in the DNS SRV record. MongoDB SRV connections use TLS by default. You will need to configure TLS support for MongoDB for most SRV connections.
mongoshell or any software library. The
passhashproperty contains the bcrypt hash of the clients password.
redis-clishell or any software library. The
passhashproperty contains the bcrypt hash of the clients password. The key is an encoded JSON array containing the mountpoint, username, and client id. Note that no spaces are allowed between the array items.