From: Daniel J. B. C. <dc...@po...> - 2004-06-05 20:22:59
|
On Fri, 4 Jun 2004 10:03:18 -0500, "Charles Rankin" <ra...@us...> said: > sta...@li... wrote on 06/03/2004 07:45:50 PM: > Currently/technically, STAF's security model is based around hostnames, > not IP addresses. One of the additions to STAF V3.0 will be the ability > to specify security based on IP address. I'm talking about the lower level implenetation, not the user-visible syntax (i.e. at the TCP/IP level, there is no concept of hostnames). Does STAF look at the IP a connection is coming from and then do a reverse DNS lookup (or whatever is specified in Unix nsswitch.conf/whatever Windows uses) to get the hostname and compare it against its trusted hosts file, or is there some other way it gets the hostname information (i.e. trusting the calling box to provide it in the context of other STAF transactions)? If the former is the case, is there doc somewhere about how CNAMEs and other DNS edge cases are handled (or I guess I should just go look at the code :-) -- Daniel Joseph Barnhart Clark http://www.pobox.com/users/dclark |