Assuming that all clients speak proper Thrift protocol to your server you
will be able to have an authentication mechanism as long as you define your
own.
What I was saying is that if you are trying to make your server secure you
need to check if Thrift still has the same problem where it crashes if you
send data that is not formatted in valid Thrift protocol. If it does still
crash your server then you'll need to think of some way around this.

I believe most people use Thrift in private networks so they do not need
to be as concerned about client validation.


-Rory

PS: By bogus I just meant that the data is not valid in the context

On Fri, 17 Jun 2011 15:22:48 +0200, Ma Chao <[email protected]> wrote:

> So you mean bogus could achieve this:
> Our requirement is:
> Assume there are two clients called CLIENT-A and CLIENT-B and a server
> SERVER.
>
> Now, we hope only CLIENT-A which registered before in SERVER could
> invoke the RPC server (SERVER). CLIENT-B can't.
>
> Could bogus achieve this?
>
> Thanks,
>
> -Chao
>
> On Fri, 2011-06-17 at 09:03 +0200, Rory McGuire wrote:
>> Thrift also used to be easy to break the server by sending bogus data
>> to it so you might want to check if that's changed.
>> Having authentication doesn't mean much if just anyone can crash it
>> with telnet.
>>
>> Enjoy
>> -Rory
>>
>> On Fri, 17 Jun 2011 03:55:51 +0200, Ma Chao <[email protected]> wrote:
>>
>> > OK. I see. I will try modifying our interface. Thank you very much~
>> > On Thu, 2011-06-16 at 09:30 -0700, Bryan Duxbury wrote:
>> >> Thrift does not have authentication support. You need to add it into
>> >> your own interfaces manually.
>> >>
>> >> On Wed, Jun 15, 2011 at 6:47 PM, Ma Chao <[email protected]> wrote:
>> >>
>> >> > Hi guys,
>> >> >
>> >> > This is Chao Ma, an engineer in a small company and using Thrift as
>> >> > our RPC generator.
>> >> >
>> >> > We want to give authentication to the RPC client to invoke our RPC
>> >> > server. That means only some authenticated clients can invoke our RPC
>> >> > server.
>> >> > We don't want to change the interface of RPC servers/clients that we
>> >> > have. So the best thing is Thrift supports it natively.
>> >> >
>> >> > I don't know how to achieve this with Thrift. Could you guys help me?
>> >> > Any solution and idea is appreciated :-)
>> >> >
>> >> > Thank you very much!
>> >> >
>> >> > Chao.
>> >> >
>> >> >

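One way to add authentication "into your own interfaces manually", as discussed in this thread, is to give every RPC method an extra credential argument that the handler verifies before doing any work. The sketch below is an added example, not code from the thread or from the Thrift project: the `auth` argument, the `sign`/`authorize` helpers, the `Handler` class and the registry contents are all hypothetical, and the handler is a plain Python stand-in for a generated Thrift handler.

```python
import hashlib
import hmac
import time

# Constructed registry: client id -> shared secret issued at registration.
REGISTERED = {"CLIENT-A": b"constructed-secret-for-client-a"}
MAX_SKEW = 60   # seconds a credential stays valid
_seen = {}      # (client_id, nonce) -> timestamp, for replay detection


def sign(secret, client_id, method, ts, nonce):
    """Client side: MAC that binds the credential to one method call."""
    msg = "\n".join([client_id, method, str(ts), nonce]).encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()


def authorize(client_id, method, ts, nonce, mac, now=None):
    """Server side: call at the top of every handler method."""
    now = time.time() if now is None else now
    secret = REGISTERED.get(client_id)
    # Compute a MAC even for unknown clients so both paths do the same work.
    expected = sign(secret or b"\x00" * 32, client_id, method, ts, nonce)
    if secret is None or not hmac.compare_digest(expected, mac):
        return False
    if abs(now - ts) > MAX_SKEW:
        return False                      # stale or future-dated credential
    for key in [k for k, t in _seen.items() if now - t > MAX_SKEW]:
        del _seen[key]                    # forget nonces outside the window
    if (client_id, nonce) in _seen:
        return False                      # replayed credential
    _seen[(client_id, nonce)] = ts
    return True


class Handler:
    """Stand-in for a generated Thrift handler; 'auth' is the added argument."""

    def get_balance(self, auth, account):
        if not authorize(auth["client_id"], "get_balance", auth["ts"],
                         auth["nonce"], auth["mac"]):
            raise PermissionError("unauthenticated client")
        return 42  # constructed result
```

The check only runs after the server has successfully decoded the message, so it does nothing for the malformed-input problem raised above; that has to be handled at the transport layer.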