On 05/14/18 13:15, Dimitry Sibiryakov wrote:
14.05.2018 11:57, Alex Peshkoff via Firebird-devel wrote:
If key holder is expected to work with both types of keys secrtainly
it should try to talk to client. One written only for use of
non-client keys should not. Wjat a problem?
Number of combination growth as N^2 at least. Writing of separate
plugins for each possible use case is... boring.
What combinations? Key holder may need to establish connection to client
or may not. I see 2 cases here.
c) Key plugin is refused by application as a fake one.
It's normal error from server's POV. I'm even not sure is it good
idea to notify fake plugin that it's attack was detected ;-)
Ok, but how can application inform server that this key holder is
wrong?
Return empty reply.
This empty sting will be passed to key holder which can return 1 and
still be in use. I see no code in the server that would recognize
empty string returned from callback as "switch to the next key holder"
instruction.
Because it's not servers job to decide try remaining holders or not.
Server completely trusts key holders regarding it. If some key holder
answered 'yes, I can provide keys' it's enough. BTW, empty reply (why do
you call it string? that's not string but binary data) is a definite
sign of problems at the client side or network. When delivery or other
problems happen reply is empty, and it may be generated by basic FB
software. But client when it recognizes key holder can send non-empty
data containing any message. For example: hey, I understood your request
but for some reasons (appears fake, just wrong, etc.) will not send you
a key. I want to emphasize once more - this is information for key
holder plugin running, server itself knows nothing except an answer from
current key holder which is just a flag meaning continue with next key
holder or not.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
