So you mean bogus could achieve this: Our requirement is: Assume there are two clients called CLIENT-A and CLIENT-B and a server SERVER.
Now, we hope only CLIENT-A which registered before in SERVER could invoke the RPC server (SERVER). CLIENT-B can't. Could bogus achieve this? Thanks, -Chao On Fri, 2011-06-17 at 09:03 +0200, Rory McGuire wrote: > Thrift also used to be easy to break the server by sending bogus data > to > it so you might want to check if thats > changed. > Having authentication doesn't mean much if just anyone can crash it > with > telnet. > > Enjoy > -Rory > > On Fri, 17 Jun 2011 03:55:51 +0200, Ma Chao <[email protected]> > wrote: > > > OK. I see. I will try to modifying our interface. Thank you very > much~ > > On Thu, 2011-06-16 at 09:30 -0700, Bryan Duxbury wrote: > >> Thrift does not have authentication support. You need to add it > into > >> your > >> own interfaces manually. > >> > >> On Wed, Jun 15, 2011 at 6:47 PM, Ma Chao <[email protected]> > wrote: > >> > >> > Hi guys, > >> > > >> > This is Chao Ma, a engineer in a small company and using thrift > as our > >> > RPC generator. > >> > > >> > We want to give authentication to the RPC client to invoke our > RPC > >> > server. That means only some authenticated clients can invoke our > RPC > >> > server. > >> > We don't want to change the interface of RPC servers/clients what > we > >> > have. So the best thing is thrift supports it natively. > >> > > >> > I don't know how to achieve this with thrift. Could you guys help > me? > >> > Any solution and idea is appreciated :-) > >> > > >> > Thank you very much! > >> > > >> > Chao. > >> > > >> >
