unfortunately, as he said, third party code might not do this, and its prone to the service lying.
i would also point out, it is really nontrivial for client code to figure out what its IP address is (in general)! especially in cases where there are multiple interfaces. and the ip address the zeromq connection came in on might well be not the official (or well-known) IP address. On Jan 15, 2014, at 10:11 AM, Trevor Bernard <[email protected]> wrote: > Simple solution is have the downstream service identify itself in the > handshake with it's IP address > > On Wed, Jan 15, 2014 at 2:01 PM, Andrew Hume <[email protected]> wrote: >> every time i have wanted this, it turned out that it was a stupid way to do >> what i really wanted. >> to me, it comes down to this: >> >> 1) do you really care? surprisingly, the answer is often, not really. >> if you do care, then you HAVE to authenticate. >> 2) using IP addresses as a proxy for authentication and authorization is a >> dodgy business; >> it is more or less convenient but full of surprises and wouldn’t pass muster >> where i >> work in a security audit (which i assume you will have if you need to log ip >> addresses). >> >> On Jan 15, 2014, at 8:14 AM, mraptor <[email protected]> wrote: >> >> hi I was looking for a way to find the peer/client ip address. >> All of the replies I've seen so far say it is not possible to get the IP >> address of the peer in ZeroMQ. >> >> The main objection for not providing the IP address seem to be that zeromq >> work on top of protocols which may not be TCP/IP. >> >> The solution pointed by most of the people seems to be to figure out the IP >> address at the client and pass it as a part of the message. >> >> I'm currently needing the IP address for logging purposes and in the future >> for filtering and routing. >> Two problems arise : >> >> 1. What happens if you don't have access to the client code i.e. it is >> written by third party >> 2. Second allowing the client to provide the IP address could be major >> security breach, because if it is up to the client, they can place whatever >> IP they want, how would you know ? >> >> How do you solve those problems ? Unless zeromq, already have some means of >> getting the peer IP, the discussions about this were from 2011 ? >> >> thank you >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev >> >> >> >> ----------------------- >> Andrew Hume >> 949-707-1964 (VO and best) >> 732-420-0907 (NJ) >> [email protected] >> >> >> >> >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev >> > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > ----------------------- Andrew Hume 949-707-1964 (VO and best) 732-420-0907 (NJ) [email protected]
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
