保护 RabbitMQ 涉及身份验证、授权(权限、虚拟主机)、加密 (TLS) 和网络安全 — 保护代理和它处理的消息。理解 RabbitMQ 安全对于生产部署很重要。
身份验证和授权
✓ AUTHENTICATION → require credentials (users/passwords); don't use the default guest
account in production (it's restricted to localhost by default — and should be removed/changed)
✓ AUTHORIZATION → grant users PERMISSIONS (configure/write/read) per VHOST → least privilege
(users access only what they need)
✓ VHOSTS → isolate applications/tenants; scope permissions per vhost
✓ Consider external auth (LDAP, OAuth) for enterprise
