On Wed, Aug 27, 2008 at 07:36:23PM +0200, Jiri Klement wrote:
> > 1) tilesGen currently has three ways of running Batik: through a
> > wrapper, directly running the jar in java and the agent. I'm thinking
> > about doing autodetection on which method to use, is there any reason
> > why that would be a bad idea somehow?
>
> Batik in wrapper/jar mode and batik in agent mode are independent.
> It's possible both methods will work and users might want to decide
> which method to use.

Yeah, ok, I'll make those two separable then, but with fallback to something else if the main choice isn't available.

> > 2) Batik agent seems to do some logging to the STDOUT or ERR of the
> > agent server, and some to the file specified with log= on the inet
> > socket. I'd really like to avoid creating logfiles at the place in the
> > program I want to put this, would it be possible for it to dump that
> > output to the network socket instead?
>
> It should be safe to ignore logging to stdout/stderr, all important
> stuff should get into log file. Data are written to log file only when
> rendering fails, so I can instead of writing log file send error
> description with agent response back to client.

That would be great.

> > 3) The network socket listens openly to everywhere and doesn't do any
> > authentication or anything at all, which means anybody that's able to
> > reach a machine running the agent over tcp/ip can make it use loads of
> > resources, and even overwrite any files the user running the agent has
> > write access to.
> >
> > At the very least only listen to the local interface, and you really
> > need some way to authenticate the user that's connected as well. I
> > know it's possible on *nix, and for example postgres uses it for
> > authentication, doing something sensible in java that will also work
> > on windows is not something I know how to do.
>
> Is it enough to authenticate using osm username/password? It is
> probably easy to steal because it's sent as plaintext to [EMAIL PROTECTED] server,
> but at least some protection.
> Also I can change agent to send rendered png over network, so at least
> attacker won't be able to overwrite any files.

If you authenticate the user and only listen to the loopback interface I think it would be secure enough. It's not like [EMAIL PROTECTED] is bulletproof, if anybody told me they ran it on a critical server I'd scream at them to run off and stop it, anyway ;)

Sending both the log and the png back over the network will require a bit of protocol and stuff, I'd rather avoid that in favor of a simple thing like $log\n\nSTATUS or something.

> > 4) I had some problems getting the agent to work at all, does it
> > require the area= parameter or something? That really should be
> > optional unless you don't care about using it for anything other than
> > [EMAIL PROTECTED]
>
> I didn't intend to use batik agent in anything else than [EMAIL PROTECTED] But
> there is no reason why area and other parameters have to be
> mandatory so I will change that.

Cool, thanks. I'm making SVG::Rasterizer very generic and plan to eventually put it on CPAN, would be cool if batik-agent was robust enough to tag along... (If you're not opposed to it of course, what's the license anyway?)

-- 
Knut Arne Bjørndal aka Bob Kåre
[EMAIL PROTECTED]
[EMAIL PROTECTED]
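Added example, not part of the original message and not batik-agent code: a minimal Java listener that binds only to the loopback interface, checks a shared token before doing any work, and answers with the "$log\n\nSTATUS" framing proposed in the message. A random token in an owner-only file stands in for the OSM username/password idea from the thread; the class name, port, token file path and two-line request format are assumptions.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.util.Base64;
// Added sketch, not batik-agent code; PORT, TOKEN_FILE and the request format are assumptions.
public class LoopbackAgent {
    static final int PORT = 7777;
    static final Path TOKEN_FILE = Paths.get(System.getProperty("user.home"), ".agent-token");
    // Write a fresh random token to a file that only the agent's user can read.
    static byte[] createToken() throws IOException {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        Files.deleteIfExists(TOKEN_FILE);
        File f = Files.createFile(TOKEN_FILE).toFile();
        f.setReadable(false, false);   // drop read access for everyone (best effort on Windows)
        f.setReadable(true, true);     // then grant it back to the owner only
        byte[] token = Base64.getEncoder().encode(raw);
        Files.write(TOKEN_FILE, token);
        return token;
    }

    static void handle(Socket s, byte[] token) throws IOException {
        BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.UTF_8));
        Writer out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.UTF_8);
        String presented = in.readLine();   // line 1: token
        String request = in.readLine();     // line 2: render parameters
        boolean ok = presented != null && request != null   // constant-time token comparison
            && MessageDigest.isEqual(token, presented.getBytes(StandardCharsets.UTF_8));
        // Rendering of request would run here when ok; its errors would go into log, not a log file.
        String log = ok ? "" : "authentication failed";
        out.write(log + "\n\n" + (ok ? "OK" : "ERROR") + "\n");   // "$log\n\nSTATUS" as proposed in the thread
        out.flush();
    }

    public static void main(String[] args) throws IOException {
        byte[] token = createToken();
        // Loopback only: other hosts on the network cannot connect at all.
        try (ServerSocket server = new ServerSocket(PORT, 16, InetAddress.getLoopbackAddress())) {
            while (true) {
                try (Socket s = server.accept()) {
                    s.setSoTimeout(5000);   // a silent client cannot block the agent indefinitely
                    handle(s, token);
                } catch (IOException e) { System.err.println("client error: " + e.getMessage()); }
            }
        }
    }
}
```

Binding to loopback alone still lets every local account connect, which is why the token check comes before any rendering work.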
