Subject: Re: [Trove] State of the Trove service tenant deployment model

Zane Bitter zbitter at
Wed Jan 23 01:04:28 UTC 2019

On 23/01/19 9:09 AM, Darek Król wrote:
> On Tue, Jan 22, 2019 at 07:29:25PM +1300, Zane Bitter wrote:
>> Last time I heard (which was probably mid-2017), the Trove team had
>> implemented encryption for messages on the RabbitMQ bus. IIUC each DB being
>> managed had its own encryption keys, so that would theoretically prevent
>> both snooping and spoofing of messages. That's the good news.
>> The bad news is that AFAIK it's still using a shared RabbitMQ bus, so
>> attacks like denial of service are still possible if you can extract the
>> shared credentials from the VM. Not sure about replay attacks; I haven't
>> actually investigated the implementation.
>> cheers,
>> Zane.
>> Excellent - many thanks for the confirmation.
>> Cheers,
>> Michael
> Hello Michael and Zane,
> sorry for the late reply.
> I believe Zane is referring to a video from 2017 [0].
> Yes, messages from trove instances are encrypted and the keys are kept
> in Trove DB. It is still a shared message bus, but it can be a message
> bus dedicated for Trove only and separated from message bus shared by
> other OpenStack services.
> DDOS attacks are also mentioned in the video as a potential threat but
> there are very few details and possible solutions.

Yes, in fact that was me asking the question in that video :)

> Recently we had
> some internal discussion about this threat within Trove team. Maybe we
> could use RabbitMQ mechanisms for flow control mentioned in [1,2,3]?
> Another point, I'm wondering if this is a problem only in Trove or is
> it something other services would be interested in also?
> Best,
> Darek
> [0]
> [1]
> [2]
> [3]

More information about the openstack-discuss mailing list