DRb: is there any way to actually secure it?

Hi,

I'm trying to build a client-server application and it seems that DRb is
a really nice way of doing this. The problem is that there doesn't seem
to be any good way of actually locking down DRb if the service is
published on a publicly accessible port.

I have tried this:
Create a web service which accepts a username/password. A call hands
back a token (valid for 30 seconds) and adds the caller's IP address to
the ACL for DRb. The caller must attach to DRb and present the token
within the 30 seconds or the ACL is reset and the token expires. I am
prepared to trust people with a valid login not to be running code which
will mangle the server.

The above seems to be a good way of securing the service, but soap4r has
two problems:
(a) It hangs the client for 30 seconds after use when I try to start a
GTK thread. Weird!
(b) It doesn't work in Ruby 1.9.

So, should I look into a less buggy (and more compatible) web service or
is there a way of setting up DRb on its own in such a way that
malevolent users can be screened? Or, can someone suggest a better way
of managing this?

Thanks,

Matt.


--
Posted via http://www.ruby-forum.com/.

Matt Savigear wrote:

> Hi,
>
> I'm trying to build a client-server application and it seems that DRb is
> a really nice way of doing this. The problem is that there doesn't seem
> to be any good way of actually locking down DRb if the service is
> published on a publicly accessible port.

Is ssh tunneling an option?


--
       vjoel : Joel VanderWerf : path berkeley edu : 510 665 3407

Joel VanderWerf wrote:

> Is ssh tunneling an option?

Interesting question. It might be if I can automate the whole thing in a
cross-platform way for non-technical users...


--
Posted via http://www.ruby-forum.com/.

Matt Savigear wrote:

> Joel VanderWerf wrote:
>
> > Is ssh tunneling an option?
>
> Interesting question. It might be if I can automate the whole thing in a cross-platform way for non-technical users...

It's not too bad. On Windows, give them a batch file that does this:

ssh2 -L 8888:example.com:8888 user@example.com

There may even be a way to automatically set up a tunnel in the ssh config, but this works too.

The -n and -N options to ssh are useful in this case on Linux/Unix, but I haven't tried them on Windows.

If you have users set up key-based authentication, then you can even set up the tunnel from your application code instead of a .bat, and the users don't have to type username/password.

The huge benefit is that your application code can then mostly ignore authentication and security issues.


--
       vjoel : Joel VanderWerf : path berkeley edu : 510 665 3407
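The tunnel approach above only helps if the DRb service itself refuses anything that did not arrive through the tunnel. Here is an added example (not code from this thread) of the server side of that arrangement: it binds to the loopback interface, installs a DRb ACL that admits only 127.0.0.1, caps request size, and exposes a deliberately small front object. The class name StatusFront and the helper names are my own.

```ruby
require 'drb/drb'
require 'drb/acl'

# ACL for a tunnel-only service: refuse every peer except the loopback
# address, which is where the client end of "ssh -L" lands.
def tunnel_only_acl
  ACL.new(%w[deny all allow 127.0.0.1])
end

# Does the ACL admit a peer with this source IP? The argument has the shape
# of Socket#peeraddr ([family, port, hostname, ip]), which is what DRb hands
# to the ACL when it accepts a connection.
def acl_allows?(acl, ip)
  acl.allow_addr?(['AF_INET', 0, ip, ip])
end

# Front object (hypothetical): DRb lets a caller invoke any public method of
# this object, so keep its surface small and purpose-built.
class StatusFront
  def ping(msg)
    "pong: #{msg}"
  end
end

# Bind to the loopback interface only (port 0 = ephemeral) and install the
# ACL through the :tcp_acl server option. :load_limit caps the size of one
# marshalled request so a client cannot make the server allocate freely.
# Returns the URI DRb actually bound, e.g. "druby://127.0.0.1:54321".
def start_tunnel_only_server(front, port = 0)
  DRb.start_service("druby://127.0.0.1:#{port}", front,
                    tcp_acl: tunnel_only_acl, load_limit: 1024 * 1024)
  DRb.uri
end

if $PROGRAM_NAME == __FILE__
  uri = start_tunnel_only_server(StatusFront.new)
  port = uri.split(':').last
  puts "listening on #{uri}; clients reach it with: ssh -L #{port}:127.0.0.1:#{port} user@host"
  DRb.stop_service
end
```

A client then connects to druby://127.0.0.1:<forwarded port> on its own machine; a direct connection from any other address is dropped at accept time before any method is dispatched.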

Joel VanderWerf wrote:

> It's not too bad. On Windows, give them a batch file that does this:

(snip)

OK, great, I'll look into this too. First though, I'm wrapping my head
around xmlrpc and finding there's no documentation...

Thanks!


--
Posted via http://www.ruby-forum.com/.

Another option (and I know nothing about DRb so I have no idea if it's
feasible or not) might be to use SSL with client certificate authentication.
-Mario.


--
I want to change the world but they won't give me the source code.

On Wed, Sep 2, 2009 at 21:54, Matt Savigear <mcs_ruby@savigear.com> wrote:

> Joel VanderWerf wrote:
> > It's not too bad. On Windows, give them a batch file that does this:
> (snip)
>
> OK, great, I'll look into this too. First though, I'm wrapping my head
> around xmlrpc and finding there's no documentation...
>
> Thanks!
> --
> Posted via http://www.ruby-forum.com/.