On Sat, 2009-08-22 at 19:13 +0200, Thomas Keller wrote: > Stephen Leake schrieb: > > Timothy Brownawell <tbrow...@prjek.net> writes: > > > >> On Sat, 2009-08-22 at 09:44 -0400, Stephen Leake wrote: > >>> Is there a way to list the branches in a database on a server, without > >>> downloading the whole database? > >> Not yet, that happens after we move to ssl transport and enable > >> 'automate stdio' over the network. > > > > That makes sense. > > > > How is that going? I have some time to spend; can I help in some way? > > One of the currently unresolved issues I can think of here is the > security model which has to be applied. For now the `automate` interface > has no security model at all, thus you can do everything on the database > as soon as you get access to a running instance. > > Maybe we should get an idea of how to manage security here first?
Use people's monotone keys as (self-signed) client certificates (assuming it doesn't make sense for there not to be a way to retrieve the key info from the ssl layer), and add a lua hook "get_automate_command_permitted(command_name, key_info)" that's checked when anyone tries to an automate command from the network. So everything would be controlled by lua hooks, based on the key the client uses. _______________________________________________ Monotone-devel mailing list Monotone-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/monotone-devel