Re: Questions about DRb and security

Pit Capitain

12/11/2006 5:16:00 PM

Jonas Pfenniger wrote:
> ...
> As you see, this is very simple, but I'm wondering if this is enough. For
> example, how does the client know the reference to [1,2,3]? Could it be
> guessed in some way, so that it could bypass the AuthenticationProxy?

Jonas, I'm no DRb expert, but this client code can get access to the
real object without authenticating itself:

@proxy = DRbObject.new( nil, URI )
class << @proxy
  undef_method :instance_variable_get
end
@proxy.instance_variable_get("@object") # => [1, 2, 3]

It is necessary to undefine #instance_variable_get for the local @proxy
object, so that the message is forwarded to the AuthenticationProxy on
the server side.

Regards,
Pit
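
Added example, not part of the original post or of Jonas's code: a constructed model of why the call above gets past a forwarding proxy, next to a blank-slate proxy with an explicit allowlist, which generalizes the fix beyond #instance_variable_get. The class names, the password, the allowlist and the remote_call helper (a stand-in for the server invoking the requested method on the front object) are all assumptions.

```ruby
# Constructed model, not code from the thread. remote_call stands in for the
# server-side dispatch: it invokes the requested method by name on the front
# object and returns the result, or the exception class if the call was refused.
def remote_call(front, name, *args)
  front.__send__(name, *args)
rescue SecurityError, NoMethodError => e
  e.class
end

# Weak form: an ordinary Object that forwards unknown messages after login.
# Methods inherited from Object never reach method_missing, so they skip the check.
class WeakProxy
  def initialize(object, password)
    @object, @password, @authed = object, password, false
  end

  def login(password)
    @authed = (password == @password)
  end

  def method_missing(name, *args, &block)
    raise SecurityError, "not authenticated" unless @authed
    @object.public_send(name, *args, &block)
  end
end

# Hardened form: a blank slate with an explicit allowlist of forwarded methods.
class AllowlistProxy < BasicObject
  ALLOWED = [:size, :first, :include?].freeze
  # Undefine everything inherited so every such call lands in method_missing.
  (instance_methods - [:__send__, :__id__]).each { |m| undef_method(m) }

  def initialize(object, password)
    @object, @password, @authed = object, password, false
  end

  def login(password)
    @authed = (password == @password)
  end

  def method_missing(name, *args, &block)
    ::Kernel.raise ::SecurityError, "not authenticated" unless @authed
    ::Kernel.raise ::NoMethodError, "#{name} is not exposed" unless ALLOWED.include?(name)
    @object.public_send(name, *args, &block)
  end
end
```

With the weak proxy, remote_call(proxy, :instance_variable_get, "@object") returns the wrapped array before any login; with the allowlist proxy the same call is refused both before and after login.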