Alibaba Cloud Message Service (MNS) provides services that are accessible over Internet using HTTP. For messages containing sensitive information, how to further increase the security of the network links between a user’s client programs and Alibaba Cloud services? Currently, there are two solutions:
1. The HTTPS domain name for MNS is made available to users, which is being scheduled to happen mid April.
2. Messages to transmit are encrypted to avoid being intercepted.
Here are the best practices to encrypt MNS messages to transmit.
Encrypt messages before they are transmitted;
Decrypt the messages at the recipient end before they are consumed;
Sample code (Java): SecurityQueue.zip
- SeurityQueue.java: provides putMessage, popMessage and deleteMessage interfaces.
Before sending a message to the server, putMessage encrypts the message with the specified key and encryption algorithm.
After receiving the message from the server, popMessage decrypts the message following the specified method and returns the decrypted message.
SecurityKeyGenerator.java is used to generate secretKey to encrypt and decrypt messages.
SecurityQueueDemo.java provides a demo program showing how to use SeurityQueue.
See ReadMe in the attachment for more information.
Encrypting and decrypting messages can somehow compromise performance.
Please do not push unencrypted messages to the encrypted message queue.