continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Edward Gruber <>
Subject Re: How can an agent be sure that a request comes from its master?
Date Mon, 19 Jan 2009 20:15:41 GMT
The simple answer would be a shared secret, provided in the  
configuration of the agent.  So long as the master can provide the  
shared secret to the agent, it'll respond appropriately.  Client-ssl  
certs could work, though recent root-certificate-authority hacks may  
make that less than perfect.  But ultimately, I think the same sorts  
of auth options that any web-app has available to it could be used, so  
long as nothing is sent in clear-text.


On 19-Jan-09, at 11:48 , Wendy Smoak wrote:

> In the current implementation, it seems that an agent will accept
> requests from anybody, though it will only send responses to the
> master url in its configuration file.
> I'd like that to change so that an agent will only act on requests
> from its master, but just comparing the urls doesn't seem good enough.
> How can the agent be sure that the server making the request really is
> who it says it is?
> -- 
> Wendy

Christian E. Gruber - President / Senior Consultant                
Isráfíl Consulting Services Corporation                            
mobile: +1 (289) 221-9839
"Keenness of understanding is due to keenness of vision..."        
phone:  +1 (905) 640-1119

View raw message