Questions about DRb and security

Hello,

Apart from running the DRb server over SSL and with $SAFE = 1, I would like
to add some user authentication to the process. What I was thinking is to
create a proxy object that would forward the server object if the user and
password are right. Here is a mockup:

class AuthenticationProxy
  def initialize(object, user, pass)
    @object, @user, @pass = object, user, pass
  end

  def get_server_object(user, pass)
    if user == @user and pass == @pass
      return @object
    else
      raise 'could not authenticate'
    end
  end
end

This class would be used in the following context:

require 'drb'
ap = AuthenticationProxy.new([1,2,3], 'someuser', 'somepassword')
DRb.start_service(nil, ap)
DRb.thread.join

As you see, this is very simple, but I'm wondering if this is enough. For
example, how does the client know the reference to [1,2,3]? Could it be
guessed in some way, so that it could bypass the AuthenticationProxy?

Please let me know :)

Cheers,
  zimbatm

Jonas Pfenniger wrote:

...
As you see, this is very simple, but I'm wondering if this is enough. For
example, how does the client know the reference to [1,2,3]. Could it be
guessed in some way, so that it could bypass the AuthenticationProxy ?

Jonas, I'm no DRb expert, but this client code can get access to the real object without authenticating itself:

   @proxy = DRbObject.new( nil, URI )
   class << @proxy
     undef_method :instance_variable_get
   end
   @proxy.instance_variable_get("@object") # => [1, 2, 3]

It is necessary to undefine #instance_variable_get for the local @proxy object, so that the message is forwarded to the AuthenticationProxy on the server side.

Regards,
Pit
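
Added example, not part of the thread and not DRb's own code: a front object built on BasicObject, so the reflection call in the reply above has no method to reach. AllowlistFront, reachable and remote_call are hypothetical names, remote_call is a local stand-in for a by-name remote invocation, and the credentials are constructed sample values. It covers only the reflection exposure, not transport or credential handling.

```ruby
# Added example, not from the thread. AllowlistFront, reachable and
# remote_call are hypothetical names; credentials are constructed samples.

# Front object that does not inherit Object's reflection methods
# (instance_variable_get, instance_variables, method, ...).
class AllowlistFront < BasicObject
  # BasicObject still ships public instance_eval/instance_exec, which would
  # expose @object the same way, so remove them as well.
  undef_method :instance_eval, :instance_exec

  def initialize(object, user, pass)
    @object, @user, @pass = object, user, pass
  end

  def get_server_object(user, pass)
    unless user == @user && pass == @pass
      # Kernel#raise and top-level constants are not visible inside a
      # BasicObject subclass, hence the leading "::".
      ::Kernel.raise ::SecurityError, 'could not authenticate'
    end
    @object
  end
end

# Public methods that can be named on instances of klass.
def reachable(klass)
  klass.public_instance_methods
end

# Local stand-in for a remote invocation: call a method by name and return
# either its result or the class of the exception it raised.
def remote_call(front, name, *args)
  front.__send__(name, *args)
rescue NoMethodError, SecurityError => e
  e.class
end

FRONT = AllowlistFront.new([1, 2, 3], 'someuser', 'somepassword')
```

Any front class that inherits from Object keeps instance_variable_get public, which is why the original mockup could be read without the password.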

Write a new DRbProtocol that must send user/password first.

On Dec 11, 2006, at 09:50, Jonas Pfenniger wrote:

apart from running the DRb server over SSL and with $SAFE = 1, I would like
to add some user authentication to the process. What I was thinking, is
create a proxy object that would forward the server object if the user and
password is right.

--
Eric Hodel - drbrain@segment7.net - http://blog.segment7.net

I LIT YOUR GEM ON FIRE!

Good point Pit :) I guess that there are other security issues

2006/12/11, Pit Capitain <pit@capitain.de>:

Jonas Pfenniger wrote:
> ...
> As you see, this is very simple, but I'm wondering if this is enough. For
> example, how does the client know the reference to [1,2,3]. Could it be
> guessed in some way, so that it could bypass the AuthenticationProxy ?

Jonas, I'm no DRb expert, but this client code can get access to the
real object without authenticating itself:

   @proxy = DRbObject.new( nil, URI )
   class << @proxy
     undef_method :instance_variable_get
   end
   @proxy.instance_variable_get("@object") # => [1, 2, 3]

It is necessary to undefine #instance_variable_get for the local @proxy
object, so that the message is forwarded to the AuthenticationProxy on
the server side.

Regards,
Pit