[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] multitaskhttpd experiment

From: lkcl
Subject: Re: [Gnumed-devel] multitaskhttpd experiment
Date: Wed, 14 Jul 2010 11:11:03 -0700 (PDT)

Sebastian Hilbert wrote:
>> watch the two simultaneous connections _not_ interfere with each
>> other....
>> aw DRAT, i just added a third proxy connection, tried to get it to fail,
>> and it doesn't!
>> there's something fishy going on, here.
>> l.
> proxy session has no password ?
> Sebastian

 yes, that's right, it doesn't, and never will have, because how can you
provide one?  you are not supposed to just allow connections to the database
at random, from the public internet, are you?

 so the proxy *must* not be started up with "a random database username and
password", because then *anyone* could gain access to the functions exposed
through the JSONRPC service.

  so the third session, as you can see from, tests this by
making a function call "get_doc_types()" *without* first doing a jsonrpc
function call to login().

 and as a result, on the SERVER side, the application STOPs working because
a username and password is requested on the command prompt!

 i consider this to be a success :)

 what should actually be done is simply an exception raised "access denied",
which is propagated up through the JSONRPC layer, it will throw an exception
stack back over the JSONRPC link, back to the client.


View this message in context:
Sent from the GnuMed - Dev mailing list archive at

reply via email to

[Prev in Thread] Current Thread [Next in Thread]