Maaten, I think I found a way to get the functionality that I need, but it will require me to edit Rugby a little bit. All I need to do to it is add a current-ip field to the rugby-server object and then add the line "rugby-server/current-ip: item/remote-ip" to the process ports function. This way I can get the calling client's IP address from within the server functions by using "cIP: rugby-server/current-ip". Do you have any problems with me making this revision? You are welcome to use it in your distribution if you would like.
Matt MacDonald >From: "Matt MacDonald" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: [REBOL] Re: Rugby Question >Date: Tue, 04 Nov 2003 08:31:57 -0500 > > >Yeah, I can see the risk in that. I'm using the secure functions of Rugby >now, but I also wanted to track IPs so that within a session, a user >doesn't >show up on multiple IP addresses. > >Matt >---------------------------------------------------------------- >Pretending your somebody else's ip address. Using Ip addresses is very >waek, security-wise. > >--Maarten > > >-----Original Message----- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf >Of > >Matt MacDonald > >Sent: maandag 3 november 2003 21:53 > >To: [EMAIL PROTECTED] > >Subject: [REBOL] Re: Rugby Question > > > > > >What do you mean spoofing? > >---------------------------------------------- > >Hi Matt, > > > > >Sorry, I had to put this problem aside for a minute. Ok Maarten, I > > >followed > > >your advise to keep a running list of the server ports when I connect > >to > > >them, that makes sense, but I'm still not following how the server >can > > >keep > > >track of the clients. Basically I need to do this on the server: > > > > > >alive: does > > >[ > > > client-IP: {get client IP and port from Rugby?} > > >] > > > > > >or something like that so that and then serve that function. This >way > >the > > >client can call that function periodically to let the server know >that > >it > > >is > > >still running. I need to have the IP for security reasons so I can > >make > > >sure that the client is coming from the same address every time. If > >you > > >need any more specifics, let me know. Some code would really help. > > > >You cannot get the client IP directly in Rugby. The ports are stored >in > >the i/o engine (port-q and object-q), but you cannot see that when a > >function is invoked (you don't see what client is calling). > > > >You restrict access to a set of functions using the /restirct > >refinement, but I doubt that is what you want. Perhaps a simple > >private/public key scheme works best here. With all the spoofing going > >on that is a better idea anyway. > > > >--Maarten > >_________________________________________________________________ >Crave some Miles Davis or Grateful Dead? Your old favorites are always >playing on MSN Radio Plus. Trial month free! >http://join.msn.com/?page=offers/premiumradio > >-- >To unsubscribe from this list, just send an email to >[EMAIL PROTECTED] with unsubscribe as the subject. > _________________________________________________________________ Is your computer infected with a virus? Find out with a FREE computer virus scan from McAfee. Take the FreeScan now! http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 -- To unsubscribe from this list, just send an email to [EMAIL PROTECTED] with unsubscribe as the subject.
