Security

FlowMQ provides robust security features to ensure secure communication and access control across all supported protocols.

TLS Encryption

All public connections to FlowMQ must use TLS (Transport Layer Security) for encrypted communication. This requirement ensures that all data transmitted between clients and the FlowMQ broker is protected from eavesdropping and tampering.

TLS Configuration

  • Encryption Purpose: TLS is used exclusively for encryption and secure communication
  • Client Certificates: FlowMQ does not require client TLS certificates for connection establishment
  • Server-side TLS: The broker provides TLS certificates to establish secure connections

Authentication

Every client connecting to FlowMQ must provide authentication credentials. This ensures that only authorized clients can access the messaging system.

Credential Requirements

  • Mandatory Authentication: All client connections require valid authentication credentials
  • Universal Credentials: Authentication credentials are shared across all supported protocols
  • Protocol Flexibility: The same credentials work regardless of which protocol you use to connect

Protocol-Specific Authentication

FlowMQ supports multiple messaging protocols natively, and each protocol uses its standard authentication mechanism while sharing the same underlying credentials:

MQTT

  • Uses standard MQTT username and password authentication
  • Credentials are sent in the CONNECT packet

Kafka

  • Supports the SASL PLAIN authentication mechanism
  • Uses username and password for client authentication

AMQP

  • Implements AMQP's PLAIN authentication mechanism
  • Standard username and password authentication

Authentication Flow

  1. Client initiates connection using any supported protocol (MQTT, Kafka, AMQP)
  2. Client provides authentication credentials using the protocol's standard method
  3. FlowMQ validates the credentials against the authentication system
  4. Upon successful authentication, the client is granted access to authorized resources
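
The following is an added example, not FlowMQ's own code. It shows how one username and password pair is encoded for step 2 as an MQTT 3.1.1 CONNECT packet and as the RFC 4616 PLAIN message carried by Kafka SASL PLAIN and AMQP PLAIN. Both encodings carry the password unhashed, so the TLS context verifies the broker's certificate and hostname. The environment variable names and sample values are assumptions.

```python
import os
import ssl
import struct

def tls_context() -> ssl.SSLContext:
    """Server-authenticated TLS; no client certificate is loaded."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def load_credentials(env=os.environ) -> tuple[str, str]:
    """Read credentials from the environment (variable names are assumptions)."""
    try:
        return env["FLOWMQ_USERNAME"], env["FLOWMQ_PASSWORD"]
    except KeyError as missing:
        raise RuntimeError(f"credential variable {missing} is not set") from None

def sasl_plain(username: str, password: str) -> bytes:
    """RFC 4616 PLAIN message with an empty authzid: NUL user NUL password."""
    if "\x00" in username or "\x00" in password:
        raise ValueError("NUL is the field separator and cannot appear in credentials")
    return b"\x00" + username.encode() + b"\x00" + password.encode()

def _field(value: str) -> bytes:
    """MQTT field: 2-byte big-endian length followed by UTF-8 bytes."""
    raw = value.encode()
    return struct.pack("!H", len(raw)) + raw

def _remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 bits per byte, high bit means more follows."""
    out = bytearray()
    while True:
        n, low = divmod(n, 128)
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)

def mqtt_connect(client_id: str, username: str, password: str, keepalive: int = 60) -> bytes:
    """MQTT 3.1.1 CONNECT packet with the username and password flags set."""
    flags = 0x80 | 0x40 | 0x02  # username present, password present, clean session
    header = _field("MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive)
    body = header + _field(client_id) + _field(username) + _field(password)
    return b"\x10" + _remaining_length(len(body)) + body

if __name__ == "__main__":
    user, pw = "alice", "s3cret-constructed"  # constructed sample values
    print(mqtt_connect("demo-client", user, pw).hex(" "))
    print(sasl_plain(user, pw))
```

Printing the two encodings side by side shows the password bytes verbatim in each, which is what the mandatory TLS layer protects on the wire.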

Security Best Practices

  • Always use the latest TLS version supported by your client
  • Store authentication credentials securely and avoid hardcoding them
  • Regularly rotate authentication credentials
  • Use strong, unique passwords for authentication

Cross-Protocol Compatibility

One of FlowMQ's key security advantages is credential portability across protocols. This means:

  • A client authenticated via MQTT can also connect using Kafka with the same credentials
  • Simplified credential management for multi-protocol applications
  • Consistent access control regardless of the chosen protocol