Hi,

Paul Alfille:
> 2. Limit the tcp address. Typically, owhttpd is started with only a port
> specification (e.g. -p 4304). This is effectively -p *.*.*.*:4304 . You can
> specify a more limited audience, which can be particularly useful with some
> of the techniques discussed below. We do no verification, so your network
> setup would have to ensure the validity of the claimed addresses of
> clients. (spoofing).
> 
Mmh. It's a TCP socket, so you need a three-way handshake, so it's not
_that_ easy to spoof an address.

Anyway, I'd use the kernel iptables rules to filter allowed client addresses.
That of course doesn't discriminate between read and write accesses,
much less more fine-grained permissions, but it's a start.

> 5. Write a CGI program for a web server with the security you want, and use
> perl or PHP or whatever to get the data. Even wget to a local owhttpd to get
> HTML code.

Wrappers are good. You can of course do any access control you like with them.

I'd advise against talking to a local owhttpd, though. IMHO, you'd be
better off (from both the data handling and the security PoV) writing
the required methods yourself, and talking to the local owserver directly.

-- 
Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  [email protected]
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
v4sw7$Yhw6+8ln7ma7u7L!wl7DUi2e6t3TMWb8HAGen6g3a4s6Mr1p-3/-6 hackerkey.com
 - -
What we want is to see the child in pursuit of knowledge, and not knowledge
in pursuit of the child.
                                        -- George Bernard Shaw

------------------------------------------------------------------------------
_______________________________________________
Owfs-developers mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/owfs-developers
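
An added example, not part of the original mail or of the OWFS code base: a default-deny policy check that a wrapper could run before forwarding a request, covering the read/write and per-path distinctions that address filtering alone cannot make. The networks, device IDs and function names are constructed assumptions, and `client_ip` is assumed to be the peer address of the accepted TCP connection.

```python
import ipaddress

# Constructed policy: (client network, allowed operations, 1-Wire path prefix).
# Networks and device ids are illustrative assumptions, not from the original mail.
POLICY = [
    ("127.0.0.0/8",     {"read", "write"}, "/"),
    ("192.168.1.0/24",  {"read"},          "/"),
    ("192.168.1.50/32", {"read", "write"}, "/29.AAAAAAAAAAAA/"),
]

def normalize(path):
    """Collapse '.', '..' and duplicate slashes so prefix checks cannot be bypassed."""
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                raise ValueError("path escapes root")
            parts.pop()
        else:
            parts.append(seg)
    return "/" + "/".join(parts)

def is_allowed(client_ip, operation, path):
    """True only if some rule grants `operation` on `path` to `client_ip` (default deny)."""
    try:
        addr = ipaddress.ip_address(client_ip)
        clean = normalize(path)
    except ValueError:
        return False  # unparsable address or path: deny
    for net, ops, prefix in POLICY:
        if addr not in ipaddress.ip_network(net):
            continue
        if operation not in ops:
            continue
        root = prefix.rstrip("/")
        # Match the prefix on whole path segments, not on raw string prefixes.
        if root == "" or clean == root or clean.startswith(root + "/"):
            return True
    return False

if __name__ == "__main__":
    print(is_allowed("192.168.1.20", "read", "/10.67C6697351FF/temperature"))
    print(is_allowed("192.168.1.20", "write", "/10.67C6697351FF/temphigh"))
```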
