[Swift-devel] Re: latest Falkon code is in SVN!

Ioan Raicu iraicu at cs.uchicago.edu
Thu Sep 6 23:35:21 CDT 2007


Right, I thought of something like that as well, but just haven't gotten 
around to implementing this yet.  Another thing that could be done is to 
do filtering based on IPs, essentially only allowing workers from 
certain IPs, or IP subnets.

Ioan

Mihael Hategan wrote:
> You could reduce the likelihood of DoSes by using random cookies/tokens
> to ensure that only valid workers connect to the server used by the
> workers. Although the means you communicate them to the workers need to
> ensure that they are hidden from public eyes (maybe o-rw files?).
>
> On Thu, 2007-09-06 at 22:26 -0500, Ioan Raicu wrote:
>   
>> You took my comment out of context.  I said:
>>     
>>> I would argue for having the default with no security enabled,
>>> especially between workers and the service. 
>>>       
>> So, again, this states that the default security level between service
>> and workers be without any security... I think it is OK (maybe even
>> preferred) to have the default security be enabled for the clients /
>> Falkon provider.  I still don't understand why you are saying that no
>> security implies "negligently broken", as that is what Condor and PBS
>> do as well.  The only entities injecting work into Falkon are the
>> clients (not the workers), and hence I agree that its important to
>> protect against clients by adding some default security.  Not
>> protecting against the workers might simply allow wholes in the system
>> for denial of service attacks, but I don't see how arbitrary code from
>> anyone could possibly be run if the single entry point into the
>> service (the client interface) is protected.
>>
>> I really don't care what you set the defaults to, my only point and
>> argument was that I wanted to make things easiest on the end-users!
>>
>> Ioan
>>
>> Ben Clifford wrote: 
>>     
>>> On Wed, 5 Sep 2007, Ioan Raicu wrote:
>>>
>>>   
>>>       
>>>> I would argue for having the default with no security enabled
>>>>     
>>>>         
>>> Giving software out to users that by default allows any person anywhere on 
>>> the internet can execute arbitrary code as them seems negligently broken.
>>>
>>>   
>>>       
>> -- 
>> ============================================
>> Ioan Raicu
>> Ph.D. Student
>> ============================================
>> Distributed Systems Laboratory
>> Computer Science Department
>> University of Chicago
>> 1100 E. 58th Street, Ryerson Hall
>> Chicago, IL 60637
>> ============================================
>> Email: iraicu at cs.uchicago.edu
>> Web:   http://www.cs.uchicago.edu/~iraicu
>>        http://dsl.cs.uchicago.edu/
>> ============================================
>> ============================================
>> _______________________________________________
>> Swift-devel mailing list
>> Swift-devel at ci.uchicago.edu
>> http://mail.ci.uchicago.edu/mailman/listinfo/swift-devel
>>     
>
>
>   

-- 
============================================
Ioan Raicu
Ph.D. Student
============================================
Distributed Systems Laboratory
Computer Science Department
University of Chicago
1100 E. 58th Street, Ryerson Hall
Chicago, IL 60637
============================================
Email: iraicu at cs.uchicago.edu
Web:   http://www.cs.uchicago.edu/~iraicu
       http://dsl.cs.uchicago.edu/
============================================
============================================

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mcs.anl.gov/pipermail/swift-devel/attachments/20070906/0a2a0bfa/attachment.html>


More information about the Swift-devel mailing list