On 09/23/2014 04:33 AM, Sergey Mironov wrote:
Hi! Please, consider applying the patch for getting the IP-address of a client.
The basic functionality seems reasonable, but I have two misgivings about this patch:
1) Allowing all [transaction] code to read the client IP address by default bothers the capability-system nerd in me. This kind of functionality seems roughly comparable to reading request headers, which currently works with a configurable whitelist of headers that may be read. Most applications will rule out reading of most headers.
2) The compiler and runtime system include a plugin system for application protocols. Of the 4 plugins that come with the compiler, I believe this patch will only work correctly for 1 of them, 'http'. For at least one of them, 'fastcgi', I think the new operation will even always return localhost, rather than signaling a runtime error! The parameter name 'sock' for uw_request() is actually quite misleading, as the parameter is not guaranteed to be a socket handle, even if it's greater than -1; it's treated like a polymorphically typed parameter, which only needs to be compatible with the 'send' parameter. (Sorry about that grossness. :\)
_______________________________________________ Ur mailing list [email protected] http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
