I am working on power monitoring and want to send live power data to authorised users only. Some users have opted to install power sensors in their houses, others are viewing those sensors. Each sensor sends samples to a Twisted backend - the goal is to have this backend forward the data to JavaScript running in the browser.

My current solution to forwarding the data is an Orbited server and an instance of MorbidQ (MorbidQ is a Stomp server). Each building in my system (example here) has its own channel for updates. The Twisted backend broadcasts the data through the MorbidQ channel to anyone watching, but anyone can watch. There is an entry on my blog about the data flow from sensor to site.

For many buildings, I only want a couple of users to be able to see live data in a given building. I would like to use Django Auth if possible, or some sort of workaround if not.

What is the easiest way to secure these channels per user? Can I use Django Auth? Should I use RabbitMQ or ActiveMQ instead of MorbidQ? What measures can I take to keep this solution secure?

For coding I am most confident in C++ and Python.

Thanks!

+1  A: 

If you use the RestQ extensions for MorbidQ, you can have it send an HTTP callback to your application every time the user attempts to connect. (See http://www.morbidq.com/trac/wiki/RestQ ). Your Django app can then just return yes or no to the connect attempt (after it runs through some auth procedure).

Michael Carter
+1 That sounds like a great solution! Thank you very much :)
Tom Leys
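
The callback approach in the answer comes down to a deny-by-default decision made per connect and per subscribe. The sketch below is an added example, not code from the thread or from MorbidQ/RestQ; the JSON field names (`event`, `session`, `destination`, `allow`), the `/building/<id>/live` channel scheme, the `session_lookup` helper and the sample data are all assumptions, and in a Django app the lookup would resolve the session cookie to the authenticated user.

```python
import json
import re

# Constructed sample data: users allowed to watch each building's channel.
BUILDING_VIEWERS = {
    "12": {"alice", "bob"},
    "40": {"carol"},
}

# Assumed naming scheme: exactly one channel per building, no wildcards.
CHANNEL_RE = re.compile(r"/building/(\d+)/live")


def may_subscribe(username, destination, viewers=BUILDING_VIEWERS):
    """True only if username is listed for the building behind destination."""
    if not username or not isinstance(destination, str):
        return False
    # fullmatch rejects trailing newlines and any suffix a prefix match would allow.
    match = CHANNEL_RE.fullmatch(destination)
    if match is None:
        return False
    return username in viewers.get(match.group(1), set())


def handle_callback(body, session_lookup):
    """Answer one broker callback; anything unexpected is refused.

    session_lookup is a hypothetical callable: session key -> username or None.
    """
    try:
        msg = json.loads(body)
    except (ValueError, TypeError):
        return json.dumps({"allow": False})
    if not isinstance(msg, dict):
        return json.dumps({"allow": False})
    username = session_lookup(msg.get("session"))
    event = msg.get("event")
    if event == "connect":
        allowed = username is not None
    elif event == "subscribe":
        allowed = may_subscribe(username, msg.get("destination"))
    else:
        allowed = False  # unknown event types are never allowed
    return json.dumps({"allow": allowed})
```

Checking only the connect event would still let any logged-in user watch any building, so the per-channel check on subscribe is the part that enforces the "couple of users per building" requirement.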