Menu
▾
▴
Re: [Ejbca-develop] Reset the End Entity status easily ...
|
From: Andreas K. <ku...@tr...> - 2014-04-26 10:20:29
|
Am 25.04.2014 18:44, schrieb ejbca-support: >> As far as I understood the command line tool is just a wrapper around >> the well known remote interfaces. Is there a simple user/status method >> in the web services interface? > This would be the closest: > http://ejbca.org/docs/ws/org/ejbca/core/protocol/ws/client/gen/EjbcaWS.html#editUser(org.ejbca.core.protocol.ws.client.gen.UserDataVOWS) Yes, found it, tried it. But if I get right it requires aspects of the user to re-transmitted correctly. The command line functionality is much more what I would expect ... > >> Or is there another (private) gate into the heart of the EJBCA? > Yes, all EJBCA functionality is exposed through Java Beans. > The CLI are using these. > > However, they are indeed considered as private but naturally you are free > to use them anyway but at your own risk since we reserve the right to > change them whenever it is needed. Oh, yes, I see ... in our ejb applcation we consider exposing internals Java-Bean-wise more as a security risk rather than a handy interface. Moreover, as you mentioned, the 'internal use only' nature makes it difficult to depend on it. Regarding the closely coupled command line tools this is not a severe restriction ... But what about the security impacts? I'm sure you discussed this ... could you share your thoughts? We came to the conclusion to allow bean access process-internal only ... Greetings, Andreas |
