river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Dolan" <christopher.do...@avid.com>
Subject RE: ServiceRegistrar
Date Mon, 28 Jun 2010 14:01:39 GMT
Best would be to block on both client and server side.  Client to help performance and server
to prevent malicious intent.  Server side would be the minimum implementation.

Chris

-----Original Message-----
From: Patrick Wright [mailto:pdoubleya@gmail.com] 
Sent: Monday, June 28, 2010 3:17 AM
To: river-dev@incubator.apache.org
Subject: Re: ServiceRegistrar

On Mon, Jun 28, 2010 at 10:11 AM, Tom Hobbs <tvhobbs@googlemail.com> wrote:
> Does this not hook into the security discussions on internet-visible
> services?
>
> You can satisfy your use case with authorisation levels and just not give
> "everyone" the authority to register services.  To my mind, this seems
> cleaner (although not necessarily better or easier), than having two breeds
> of ServiceRegistrar.

Just a thought--it seems to me you would want to block this on the
client side, to prevent DDOS attacks on the LUS if the LUS is visible
"globally". Block all attempts to register with a locally-generated
and thrown exception (via smart proxy returned by LUS on lookup).


Patrick

Mime
View raw message