Re: [Gnumed-devel] multitaskhttpd experiment

[lkcl]

Sebastian Hilbert wrote:
> 
>> watch the two simultaneous connections _not_ interfere with each
>> other....
>> aw DRAT, i just added a third proxy connection, tried to get it to fail,
>> and it doesn't!
>> 
>> there's something fishy going on, here.
>> 
>> l.
> 
> proxy session has no password ?
> 
> Sebastian
> 

 yes, that's right, it doesn't, and never will have, because how can you
provide one?  you are not supposed to just allow connections to the database
at random, from the public internet, are you?

 so the proxy *must* not be started up with "a random database username and
password", because then *anyone* could gain access to the functions exposed
through the JSONRPC service.

  so the third session, as you can see from testjsonrpc.py, tests this by
making a function call "get_doc_types()" *without* first doing a jsonrpc
function call to login().

 and as a result, on the SERVER side, the application STOPs working because
a username and password is requested on the command prompt!

 i consider this to be a success :)

 what should actually be done is simply an exception raised "access denied",
which is propagated up through the JSONRPC layer, it will throw an exception
stack back over the JSONRPC link, back to the client.

 l.


-- 
View this message in context: 
http://old.nabble.com/multitaskhttpd-experiment-tp29154568p29165019.html
Sent from the GnuMed - Dev mailing list archive at Nabble.com.