On Jun 24, 2009, at 3:55 PM, Sam Lang wrote:
It sounds like your approach to eliminating security holes is with "security by obscurity". In other words, if the client (or some rogue process acting as a client) does not know that the interface is there, he can't abuse it. I don't think that's the right approach, especially since PVFS is completely open source, and anyone can just look at the code.
Rob points out that I don't really know about your security approach, so my above comments may not be entirely appropriate. I guess what I was trying to say is that it wasn't clear to me from a security perspective that moving batch_create to the server would be helpful for you. I'd be interested to hear about your security approach though, and will refrain from making comments about it until I have a better understanding of it. :-)
In a different context, Phil and I have discussed the issue of the server knowing the source of a request. It turns out this isn't an easy thing to do, at least for BMI tcp. Phil has added some code to BMI tcp in a separate branch that provides the functionality internally in BMI, and it shouldn't be hard to export the info through a get_info call. Let us know if that's something you're interested in!
-sam _______________________________________________ Pvfs2-developers mailing list [email protected] http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers
