Hi Pieter, Is there any example for Strawhouse security pattern using C++ czmq wrapper? This link http://hintjens.com/blog:49 only talks about c way of doing it.
I found github repository https://github.com/zeromq/czmqpp which looks like it's a C++ wrapper for czmq but not able to find any example how to use Strawhouse security pattern. On Mon, Dec 15, 2014 at 1:21 PM, Check Peck <[email protected]> wrote: > > Ok got it. I have another question on zauth which I have asked separately > in another question with the subject name. > How to use ZeroMQ context with zauth? > > See if you can help me out. > > On Mon, Dec 15, 2014 at 1:17 PM, Pieter Hintjens <[email protected]> wrote: >> >> You can't white/blacklist on domain names without a lot more work. The >> zauth class uses the IP address as provided by the network. >> >> On Mon, Dec 15, 2014 at 9:57 PM, Check Peck <[email protected]> >> wrote: >> > Thanks Pieter, Yes it worked fine after I remove older version of >> libzmq. >> > >> > One question I have on Strawhouse pattern is - Does it always work with >> IP >> > Address? I cannot use hostname to white list it? If I try to replace >> > 127.0.0.1 with localhost or the actual machine name, then it doesn't >> work. >> > >> > zauth_allow (auth, "127.0.0.1"); // this works fine >> > zauth_allow (auth, "localhost"); // this doesn't works >> > zauth_allow (auth, "machineA.dev.com"); // this doesn't works >> > >> > // The Strawhouse Pattern >> > // >> > // We allow or deny clients according to their IP address. It may keep >> > // spammers and idiots away, but won't stop a real attacker for more >> > // than a heartbeat. >> > >> > #include <czmq.h> >> > >> > int main (void) >> > { >> > // Create context >> > zctx_t *ctx = zctx_new (); >> > >> > // Start an authentication engine for this context. This engine >> > // allows or denies incoming connections (talking to the libzmq >> > // core over a protocol called ZAP). >> > zauth_t *auth = zauth_new (ctx); >> > >> > // Get some indication of what the authenticator is deciding >> > zauth_set_verbose (auth, true); >> > >> > // Whitelist our address; any other address will be rejected >> > zauth_allow (auth, "127.0.0.1"); >> > >> > // Create and bind server socket >> > void *server = zsocket_new (ctx, ZMQ_PUSH); >> > zsocket_set_zap_domain (server, "global"); >> > zsocket_bind (server, "tcp://*:9000"); >> > >> > // Create and connect client socket >> > void *client = zsocket_new (ctx, ZMQ_PULL); >> > zsocket_connect (client, "tcp://127.0.0.1:9000"); >> > >> > // Send a single message from server to client >> > zstr_send (server, "Hello"); >> > char *message = zstr_recv (client); >> > assert (streq (message, "Hello")); >> > free (message); >> > puts ("Strawhouse test OK"); >> > >> > zauth_destroy (&auth); >> > zctx_destroy (&ctx); >> > return 0; >> > } >> > >> > >> > >> > On Sat, Dec 13, 2014 at 1:04 AM, Pieter Hintjens <[email protected]> wrote: >> >> >> >> You presumably have two versions of libzmq installed on your system, >> >> and gcc is complaining they both have the same symbols. I'd recommend >> >> removing the older version. >> >> >> >> On Sat, Dec 13, 2014 at 1:29 AM, Check Peck <[email protected]> >> >> wrote: >> >> > I am trying to use Strawhouse security pattern in my zero-mq >> >> > development. I >> >> > was following this wiki http://hintjens.com/blog:49 and when I try >> to >> >> > run >> >> > below simple program to make sure I have everything installed, I got >> an >> >> > error - >> >> > >> >> > #include <czmq.h> >> >> > >> >> > int main (void) { >> >> > zctx_t *ctx = zctx_new (); >> >> > void *publisher = zsocket_new (ctx, ZMQ_PUB); >> >> > zsocket_set_curve_server (publisher, true); >> >> > puts ("Hello, Curve!"); >> >> > zctx_destroy (&ctx); >> >> > return 0; >> >> > } >> >> > >> >> > I tried to compile it like this - >> >> > >> >> > gcc -o hello hello.c -lczmq -lzmq -lsodium >> >> > >> >> > And the error I got - >> >> > >> >> > /usr/bin/ld: warning: libzmq.so.4, needed by >> /usr/local/lib/libczmq.so, >> >> > may >> >> > conflict with libzmq.so.3 >> >> > >> >> > Does anyone know what does this mean and what wrong I am doing? >> >> > >> >> > _______________________________________________ >> >> > zeromq-dev mailing list >> >> > [email protected] >> >> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev >> >> > >> >> _______________________________________________ >> >> zeromq-dev mailing list >> >> [email protected] >> >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev >> > >> > >> > _______________________________________________ >> > zeromq-dev mailing list >> > [email protected] >> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev >> > >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev >> >
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
