The publish client can publish some topics even without permission

lllle · November 21, 2023, 12:25pm

The publish client can publish some topics even without the permission.

I have configured file-based realm. For the subscribe, it will get not authorized response code if it tries to subscribe some topics that are not in the config file.

For the publisher, it can publish some topics that are not in the permission list.

Daria_H · November 21, 2023, 12:48pm

Hi @lllle

It seems like there might be a mistake in your permission configuration file. Based on your description, the file-based realm is working correctly for subscription, as it returns a not authorized response code when attempting to subscribe to unauthorized topics.

However, for publishing, it appears that the publisher can publish topics that are not in the permission list. This indicates a potential issue in your permission configuration.

Double-check your configuration file to ensure that the permissions for publishing are set up correctly. Verify that the topics you want to restrict for publishing are properly defined in the file, and that the publisher’s permissions are accurately configured to prevent publishing to unauthorized topics.

Best regards,
Dasha from HiveMQ Team

Topic		Replies	Views
Not authorized to publish on topic	5	618	October 4, 2022
Subscribe possible without permission HiveMQ Community Edition	2	640	November 11, 2020
Security on Topics	6	263	September 12, 2023
TopicPermission for topic containing + HiveMQ Extension SDK	1	929	August 30, 2020
HiveMQ Cloud can't connect if topic filter is specified HiveMQ Cloud	1	111	February 7, 2024

The publish client can publish some topics even without permission

Related Topics