Patrick Wright schrieb: >> I was more thinking about a per user server. > > What exactly is a per-user server? Each user can launch their own > instance on a given box, but ports can't be user-specific, can they?
the common technique is to store a file special to the user containing the port. I think it is a common technique on Unix environments. >> even if it is not launched as root... I don't want another user to be >> able to write into my home directory ;) > > There will be a number of cases to distinguish. For example, no one > (that I know of) is on my box except for me. If I don't allow incoming > access to a given NG port, then only I (an account on that machine) > can access it. If you are on a box with many users, then you have a > different problem to address. that might be right.... but even if you are alone on your box I don't want to let a nonpriveledged process write into a directory where it shouldn't write into. Even on Windows these things are becoming more important since Vista. Every program that opens new security holes on purpose is to avoid, even if I am alone on my machine, unless you can guarantee that all other running processes do what they should do and nothings else. And I don't know about you, but even if I had written all of them (and at last for the OS I did it surely not) I wouldn't trust my abilities that much to say that they are all free of bugs and do not open a backdoor somehow > I don't know of a way to reliably have a user identify/authenticate > themselves to a server, from a command-line, using the sort of > lightweight streaming protocol that NG uses. that is basically ok, as long as the server has not more rights than the user.... for example using one server for two user would mean the server needs to have the rights of both of them, which should not happen. Another common technique is to give that its own user, for example the apache is running with its own user. But that is not exactly what we need, because we still want to for example read/write files of the user where only the user has the right to read/write them bye blackdrag -- Jochen "blackdrag" Theodorou The Groovy Project Tech Lead (http://groovy.codehaus.org) http://blackdragsview.blogspot.com/ http://www.g2one.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "JVM Languages" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/jvm-languages?hl=en -~----------~----~----~----~------~----~------~--~---
