[openroad-developer] RE: New OpenROAD HTTP Gatekeeper

Bodo Bergmann Bodo.Bergmann at ingres.com
Mon May 5 08:53:53 PDT 2008 

Durwin,
 
if the access is limited to one distinct appllication (AkaName), i.e.
using the OpenROAD_ServerApp parameter in the web.xml,
then there shouldn't be a way to call SCPs defined in other images.
Or do I miss something here ?
 
What do you mean with "Could the new Gatekeeper be written as a pure
Java Servlet with no references to any pre-compiled java classes?"
 
It has to use the "com.ca.openroad.SerialRemoteServer" class (provided
in the openroad.jar archive).
 
A servlet in Tomcat is a combination of web.xml file and one or more
class files - that's what I provided.
The goal is also to not even require a Java SDK on the machine - a JRE
should be enough to run Tomcat,
so even an "autocompile" feature for *.java sources would not help.
 
Bodo.

________________________________

From: Durwin Wright 
Sent: Monday, May 05, 2008 5:09 PM
To: openroad-developer at lists.ingres.com
Cc: Joseph C. Kronk; Roger L. Whitcomb; Bodo Bergmann; David Tondreau
Subject: RE: New OpenROAD HTTP Gatekeeper



The Serial Remote Server (SRS or Gatekeeper) has several purposes:

 

*         HTTP Access to the COM Remote Server class

*         Authentication of requestor 

*         Authorization of access to SCPs

 

The latter is the main reason why this is called the Gatekeeper.  There
is nothing that will prevent an OpenROAD Client application from
invoking any SCP that is defined in CORE.PLB.  The idea of the SRS was
to only allow the screening of SCPs invoked by OpenROAD Clients.  The
reason why this was deemed important was that it was envisioned that
this would provide Internet Access to the OpenROAD Server.  If there
were not limits on which SCP could be access then the OpenROAD Server
could be exposed to a DNOS attack.

 

I really would like to see the SRS be replaced.  I understand that
another goal is to provide an out-of-the-box solution that does not
require any compiling of Java code.  

 

Could the new Gatekeeper be written as a pure Java Servlet with no
references to any pre-compiled java classes?

 

Durwin Wright | Sr. Architect | Durwin.Wright at ingres.com
<mailto:Durwin.Wright at ingres.com>  | Ingres | 500 Arguello Street |
Suite 200 | Redwood City | CA | 94063 | USA
<http://maps.google.com/maps?q=500+arguello+street,+94063&ll=37.487297,-
122.233200&spn=0.004602,0.012771&t=k&hl=en>   +1 650-587-5523 | fax: +1
650-587-5550 

________________________________

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ingres.com/pipermail/openroad-developer/attachments/20080505/355e6f50/attachment.html

More information about the openroad-developer mailing list