
New in Symfony 7.4: Signing Messages


Contributed by Nicolas Grekas in #62230

The Symfony Messenger component defines transports to send and receive
messages, usually through a queue backed by a database (Doctrine), Redis,
Amazon SQS, Beanstalkd, or an AMQP broker.

If those queue systems are not properly secured, a malicious actor who can
write to the queue could inject forged payloads, and the worker would handle
them exactly like legitimate messages. This is particularly dangerous for
messages that trigger commands or processes to run.

Although protecting your infrastructure is not Symfony's responsibility,
Symfony 7.4 adds a new layer of defense: messages can now be cryptographically
signed so that any message that has been tampered with is detected and discarded.

To enable message signing, set the sign option to true on the handler that
processes the message, either through the AsMessageHandler attribute or through
the messenger.message_handler service tag:


```php
// src/MessageHandler/SmsNotificationHandler.php
namespace App\MessageHandler;

use App\Message\SmsNotification;
use Symfony\Component\Messenger\Attribute\AsMessageHandler;

#[AsMessageHandler(sign: true)]
class SmsNotificationHandler
{
    public function __invoke(SmsNotification $message): void
    {
        // ... handle message
    }
}
```

```yaml
# config/services.yaml
services:
    App\MessageHandler\SmsNotificationHandler:
        tags:
            - { name: messenger.message_handler, sign: true }
```

When signing is enabled, each message is signed with an HMAC computed over the
serialized message body using your application's secret key (the kernel.secret
parameter). The signature is added to the message headers (Body-Sign and
Sign-Algo) when the message is sent, and verified automatically when it is
received.

If the signature is missing or invalid, an InvalidMessageSignatureException
is thrown and the message will not be processed.

Two practical consequences follow from the design. Senders and workers must
share the same kernel.secret, so rotating it invalidates messages that are
still in the queue at that moment. And an HMAC only proves integrity and
origin, not confidentiality: anyone who can read the queue still sees the
message body in clear.
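The following standalone script is an added illustration of the sign-on-send,
verify-on-receive scheme described above; it is not Symfony's own code and it
does not use the Messenger component. The header names (Body-Sign, Sign-Algo)
are taken from the post, while the choice of sha256, the hex encoding of the
tag, the JSON body format, the constructed secret and the class names are
assumptions for this demo. It shows what the worker must check: that both
headers are present, that the algorithm is the one the application issued (the
message itself must never be allowed to pick it), and that the tag matches in
constant time. A forged body and a headerless injected message are both
rejected.

```php
<?php
// Added demo, not Symfony's implementation: minimal model of HMAC message
// signing as the post describes it. Algorithm, encoding and names assumed.

declare(strict_types=1);

final class InvalidMessageSignatureException extends RuntimeException {}

final class SigningSerializer
{
    // $secret plays the role of kernel.secret; sha256 is an assumption.
    public function __construct(private string $secret, private string $algo = 'sha256') {}

    /** Encode a message into a transport envelope and sign its body on send. */
    public function encode(array $payload): array
    {
        $body = json_encode($payload, JSON_THROW_ON_ERROR);

        return [
            'body'    => $body,
            'headers' => [
                'Sign-Algo' => $this->algo,
                // The HMAC covers the exact bytes that travel through the queue.
                'Body-Sign' => hash_hmac($this->algo, $body, $this->secret),
            ],
        ];
    }

    /** Verify the envelope on receive before the body is decoded at all. */
    public function decode(array $envelope): array
    {
        $headers = $envelope['headers'] ?? [];
        if (!isset($headers['Body-Sign'], $headers['Sign-Algo'])) {
            throw new InvalidMessageSignatureException('Message signature is missing.');
        }

        // Only accept the algorithm this application issues; a message that
        // could choose its own algorithm could downgrade the check.
        $algo = (string) $headers['Sign-Algo'];
        if ($algo !== $this->algo || !in_array($algo, hash_hmac_algos(), true)) {
            throw new InvalidMessageSignatureException('Unsupported signature algorithm.');
        }

        $expected = hash_hmac($algo, (string) $envelope['body'], $this->secret);
        // hash_equals compares in constant time so timing cannot leak the tag.
        if (!hash_equals($expected, (string) $headers['Body-Sign'])) {
            throw new InvalidMessageSignatureException('Message signature is invalid.');
        }

        return json_decode($envelope['body'], true, 512, JSON_THROW_ON_ERROR);
    }
}

// Constructed secret and message for the demo.
$serializer = new SigningSerializer('constructed-demo-secret');
$envelope = $serializer->encode(['content' => 'Hello', 'phone' => '+15550100']);

// A legitimate message round-trips.
$decoded = $serializer->decode($envelope);
echo 'accepted: ', $decoded['content'], PHP_EOL;

// An attacker who can write to the queue swaps the body but, without
// kernel.secret, cannot produce a matching Body-Sign.
$forged = $envelope;
$forged['body'] = json_encode(['content' => 'run-this', 'phone' => '+15550100']);
try {
    $serializer->decode($forged);
} catch (InvalidMessageSignatureException $e) {
    echo 'rejected forged body: ', $e->getMessage(), PHP_EOL;
}

// A payload injected straight into the queue with no headers is rejected too.
try {
    $serializer->decode(['body' => '{"content":"x"}', 'headers' => []]);
} catch (InvalidMessageSignatureException $e) {
    echo 'rejected unsigned message: ', $e->getMessage(), PHP_EOL;
}
```

Run it with `php demo.php` (PHP 8.0 or later for constructor promotion). The
order of the checks matters: the envelope is verified before json_decode, so an
unsigned or tampered body never reaches the parser or a handler.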

