Niclas Hedhman wrote:
On Sunday 08 August 2004 01:29, Alexis Agahi wrote:
IMO you should split telnet/ssh facility from console shell. One should be able to run the shell from command line (without having remote connection).
sorry, I gently disagree... Having a network socket is so much more natural, then trying to 'redirect Merlin output' elsewhere, get hold of System.in and be limited to a single user. Also doesn't help me much in background ops.
telnet localhost <port> is IMO, the most natural way to deal with this;
* SSH tunnelling is possible, to secure the connection.
* Can combine that with a "allow"/"deny" feature for incoming connections, to 'force' secure transport.
As for HTTP access, I am sorry to say that people are 'nuts' in respect to http. IP = stateless
TCP = stateful
HTTP = stateless
MyStuff = stateful
so why on earth go through this state-emulation once more? If the port80 is the issue, then do a SSH tunnel over port80... voila!
Don't expect me to add anything in this area, as I find it a stupid way to do things.
This remind me that we should (maybe I'm completly offtopic) think about having user management/JAAS service to manage user authentification ? :)
It is somewhat related, since I can imagine that a Merlin instance is used by a bunch of developers, each only authorized to some containers, and perhaps only to certain operations. So yes, it is related... But instead of digging into this at the moment, I decided to get something running quickly, as I have an immediate need.
I learned the hard way that it is naive to think that sysadmins behave rationally.
-- Stefano.
smime.p7s
Description: S/MIME Cryptographic Signature
