Simple solution is have the downstream service identify itself in the handshake with it's IP address
On Wed, Jan 15, 2014 at 2:01 PM, Andrew Hume <[email protected]> wrote: > every time i have wanted this, it turned out that it was a stupid way to do > what i really wanted. > to me, it comes down to this: > > 1) do you really care? surprisingly, the answer is often, not really. > if you do care, then you HAVE to authenticate. > 2) using IP addresses as a proxy for authentication and authorization is a > dodgy business; > it is more or less convenient but full of surprises and wouldn’t pass muster > where i > work in a security audit (which i assume you will have if you need to log ip > addresses). > > On Jan 15, 2014, at 8:14 AM, mraptor <[email protected]> wrote: > > hi I was looking for a way to find the peer/client ip address. > All of the replies I've seen so far say it is not possible to get the IP > address of the peer in ZeroMQ. > > The main objection for not providing the IP address seem to be that zeromq > work on top of protocols which may not be TCP/IP. > > The solution pointed by most of the people seems to be to figure out the IP > address at the client and pass it as a part of the message. > > I'm currently needing the IP address for logging purposes and in the future > for filtering and routing. > Two problems arise : > > 1. What happens if you don't have access to the client code i.e. it is > written by third party > 2. Second allowing the client to provide the IP address could be major > security breach, because if it is up to the client, they can place whatever > IP they want, how would you know ? > > How do you solve those problems ? Unless zeromq, already have some means of > getting the peer IP, the discussions about this were from 2011 ? > > thank you > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > > ----------------------- > Andrew Hume > 949-707-1964 (VO and best) > 732-420-0907 (NJ) > [email protected] > > > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
