MQTT (Message Queuing Telemetry Transport) is a protocol for transferring messages.

By default the protocol can do only two things: emit and listen, or in other words, send and subscribe.

You subscribe to a topic, and a topic is simply a string. Whenever someone sends a message on a topic, everyone listening to it receives it. You can compare it to a radio broadcast playing music: everyone tuned to the same frequency hears it. And since the "frequency" is a string instead of a radio frequency, there is an almost infinite number of different channels you could use.

This protocol is used a lot for communication between hardware devices, and between those devices and a server. But you can theoretically use it for anything you’d like.

MQTT is insecure by default: there is no way to verify who is sending a message unless you enable that in your broker. In most cases you can tell whether a broker is secure or not by looking at the port.

When you use MQTT from a browser, you need to connect to your broker via WebSockets.

Brokers

An MQTT broker is the server that listens to the messages and forwards them. There are a few public brokers available for you to test with, but everyone can use those, which makes them insecure. test.mosquitto is one of these brokers. I personally use this broker in my tools & games built on MQTT; building them on a public, insecure broker was a choice by design.

You can set up your own broker with tools like EMQX; I personally use one of these Docker containers on my VPS. When you set up a broker you can choose whether to allow everyone or to use authentication. Using authentication makes your broker more secure.

Security

I’d say that if you use a private Broker with auth, you’ll most likely be fine. But don’t share the broker IP if you don’t use auth, nor share credentials. At least, if you want it secure.