Hi Nel,

In most cases, the Nuxeo Server is behind a firewall and a reverse proxy, so this is not an issue.

For projects using RMI access:
- either RMI access is limited to a sub LAN (typically Server to Server communication)
- or RMI access goes through a VPN (Client to Server communication, because RMI is not NATable)

So if neither of the solutions is applicable for you, you will have to tweak the LoginModule to add a Shared secret check.
We'll be glad to help you on that, but until now we have never had the requirement.

Tiry

On 26 March 2010 17:54, Nel Taurisson <[email protected]> wrote:

> Ok, thanks.
>
> But then how can we secure the repository from malicious code while
> still giving remote access to a Nuxeo client app we wrote?
>
> Thanks a lot.
>
> Nel
>
> 2010/3/25 Florent Guillaume <[email protected]>:
> > Did you actually get an answer?
> > The short one is that no, it's not possible: Nuxeo Shell uses JBoss
> > Remoting, which is designed as an equivalent to RMI and provides
> > roughly full JVM access. So even if the shell superficially required
> > credentials, underlying this the protocol would still be open to
> > someone that compiled his own shell.
> >
> > Florent
> >
> > On Mon, Mar 22, 2010 at 5:35 PM, Nel Taurisson <[email protected]> wrote:
> >> Sorry, hit the button too fast.
> >>
> >> Thanks a lot for your answers.
> >> Regards
> >>
> >> Nel
> >>
> >> 2010/3/22 Nel Taurisson <[email protected]>:
> >>> Hi,
> >>>
> >>> It seems to me that it is possible to connect to a remote Nuxeo repo
> >>> without any credential and have full read / write access to the repo.
> >>>
> >>> Maybe I'm missing a configuration property or something, but I'm
> >>> afraid I can execute the following code on either Nuxeo 5.2 or 5.3:
> >>>
> >>>     Collection<File> files = null;
> >>>     String bundles = System.getProperty("nuxeo.bundles");
> >>>     if (bundles != null) {
> >>>         files = NuxeoApp.getBundleFiles(new File("."), bundles, ":");
> >>>     }
> >>>
> >>>     NuxeoApp app = new NuxeoApp();
> >>>     app.start();
> >>>
> >>>     if (files != null) {
> >>>         app.deployBundles(files);
> >>>     }
> >>>
> >>>     NuxeoClient client = NuxeoClient.getInstance();
> >>>
> >>>     client.tryConnect("localhost", 62474);
> >>>
> >>>     RepositoryInstance repo = client.openRepository();
> >>>     CoreSession documentManager = repo.getSession();
> >>>
> >>>     DocumentModel doc = documentManager.getDocument(new PathRef("/default-domain"));
> >>>     doc.setPropertyValue("dc:description", "I could have killed your repo");
> >>>     doc = documentManager.saveDocument(doc);
> >>>     documentManager.save();
> >>>
> >>>     System.out.println(documentManager.getDocument(new PathRef("/default-domain")).getPropertyValue("dc:description"));
> >>>
> >>>     repo.close();
> >>>
> >>
> >
> > --
> > Florent Guillaume, Director of R&D, Nuxeo
> > Open Source, Java EE based, Enterprise Content Management (ECM)
> > http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87
> >
> _______________________________________________
> ECM mailing list
> [email protected]
> http://lists.nuxeo.com/mailman/listinfo/ecm
> To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
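
One way to write the shared secret check suggested in the reply above, as a standard JAAS `LoginModule` (an added example, not code from this thread or from Nuxeo). The class name, the `sharedSecret` option name and the use of a `PasswordCallback` to carry the secret are assumptions made for this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical gate module: stack it as "requisite" ahead of the real login module.
public class SharedSecretLoginModule implements LoginModule {
    private CallbackHandler handler;
    private byte[] expected;   // from the JAAS option "sharedSecret" (assumed name)
    private boolean verified;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
        Object secret = options.get("sharedSecret");
        this.expected = secret == null ? null
                : secret.toString().getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public boolean login() throws LoginException {
        verified = false;
        // Fail closed: a missing or empty configured secret rejects every caller.
        if (handler == null || expected == null || expected.length == 0) {
            throw new FailedLoginException("shared secret not configured");
        }
        PasswordCallback cb = new PasswordCallback("shared secret: ", false);
        try {
            handler.handle(new Callback[] { cb });
        } catch (Exception e) {   // IOException or UnsupportedCallbackException
            throw new FailedLoginException("no shared secret supplied");
        }
        char[] given = cb.getPassword();
        cb.clearPassword();
        byte[] presented = given == null ? new byte[0]
                : new String(given).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so response timing does not leak the secret.
        verified = MessageDigest.isEqual(expected, presented);
        if (!verified) throw new FailedLoginException("shared secret mismatch");
        return true;
    }
    @Override public boolean commit() { return verified; }
    @Override public boolean abort()  { verified = false; return true; }
    @Override public boolean logout() { verified = false; return true; }
}
```

This only gates the JAAS login step; as noted in the thread, the remoting protocol underneath stays open, so the firewall, sub LAN or VPN restriction on the port still applies.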
