Re: [staf-users] Security model of STAF?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Fri, 4 Jun 2004 10:03:18 -0500, "Charles Rankin" <ra...@us...>
said:
> sta...@li... wrote on 06/03/2004 07:45:50 PM:

> Currently/technically, STAF's security model is based around hostnames, 
> not IP addresses.  One of the additions to STAF V3.0 will be the ability 
> to specify security based on IP address.

I'm talking about the lower level implenetation, not the user-visible
syntax (i.e. at the TCP/IP level, there is no concept of hostnames).

Does STAF look at the IP a connection is coming from and then do a
reverse DNS lookup (or whatever is specified in Unix
nsswitch.conf/whatever Windows uses) to get the hostname and compare it
against its trusted hosts file, or is there some other way it gets the
hostname information (i.e. trusting the calling box to provide it in the
context of other STAF transactions)?

If the former is the case, is there doc somewhere about how CNAMEs and
other DNS edge cases are handled (or I guess I should just go look at the
code :-)

-- 
Daniel Joseph Barnhart Clark
http://www.pobox.com/users/dclark