I agree, doing both would be the best choice of implementation.
Gregg Wonderly
Christopher Dolan wrote:
Best would be to block on both client and server side. Client to help
performance and server to prevent malicious intent. Server side would be the
minimum implementation.
Chris
-----Original Message-----
From: Patrick Wright [mailto:[email protected]]
Sent: Monday, June 28, 2010 3:17 AM
To: [email protected]
Subject: Re: ServiceRegistrar
On Mon, Jun 28, 2010 at 10:11 AM, Tom Hobbs <[email protected]> wrote:
Does this not hook into the security discussions on internet-visible
services?
You can satisfy your use case with authorisation levels and just not give
"everyone" the authority to register services. To my mind, this seems
cleaner (although not necessarily better or easier), than having two breeds
of ServiceRegistrar.
Just a thought--it seems to me you would want to block this on the
client side, to prevent DDOS attacks on the LUS if the LUS is visible
"globally". Block all attempts to register with a locally-generated
and thrown exception (via smart proxy returned by LUS on lookup).
Patrick
