I updated BlacklistFilter to use a thread-safe class
(CopyOnWriteArrayList). This will make more sense because the majority of
the time the list will be accessed to read the data and not to update the
data.
On Nov 20, 2007 3:09 AM, Brad Harvey <[EMAIL PROTECTED]> wrote:
> Hi Alex,
>
> I think what you're asking for is two things:
> - A filter that has whitelist as well as blacklist capabilities
> (definitely useful).
> - Something external to the filter that can read the allow/deny and
> manipulate the filter with new values as required.
>
> This way the filter itself can be in core and can remain fairly simple,
> and there could be a an optional package for unix integration which has
> the functionality to read the hosts files.
>
> On another note, the thread safety in BlacklistFilter might not be
> correct. The blacklist collection is accessed by both synchronized and
> non synchronized methods.
>
> Cheers,
> Brad.
>
> Alex Karasulu wrote:
> > See I'm just trying to think of ways in which better UNIX integration
> > can be optionally incorporated. Another thing I like is logging to
> > /var/log/secure which get's picked up by things like DenyHosts to
> > feedback into these primitive access lists.
> >
> > I was thinking about how to do this for ApacheDS but it seemed to me
> > like it might benefit more than just LDAP. It's something that might
> > benefit several protocols that run on *NIX systems.
> >
> > Perhaps this is unnecessary don't know. Hence the request for feedback.
> >
> > Alex
> >
> > On Nov 19, 2007 8:44 PM, Alex Karasulu <[EMAIL PROTECTED]> wrote:
> >
> >> Right that's what I thought.
> >>
> >> Does anyone think it would it be worth adding some pluggable means to
> >> load the blacklisted IPs from files with the same format?
> >>
> >> Alex
> >>
> >>
> >> On Nov 19, 2007 8:39 PM, Mark <[EMAIL PROTECTED]> wrote:
> >>
> >>> I would say that the BlacklistFilter is much like /etc/hosts.deny. We
> do
> >>> not have a filter that mimics the functionality of /etc/hosts.allow
> >>>
> >>>
> >>>
> >>>
> >>> On Nov 19, 2007 8:32 PM, Alex Karasulu <[EMAIL PROTECTED]> wrote:
> >>>
> >>>
> >>>> Hi guys,
> >>>>
> >>>> I know we have a blacklist filter but does anyone know if a tcp
> >>>> wrappers like filter has been written for MINA which uses
> >>>> /etc/hosts.allow and /etc/hosts deny files or something similar?
> >>>>
> >>>> Thanks,
> >>>> Alex
> >>>>
> >>>>
> >>>
> >>> --
> >>> --------------------------------
> >>> The adjuration to be "normal" seems shockingly repellent to me; I see
> >>> neither hope nor comfort in sinking to that low level. I think it is
> >>> ignorance that makes people think of abnormality only with horror and
> allows
> >>> them to remain undismayed at the proximity of "normal" to average and
> >>> mediocre. For surely anyone who achieves anything is, essentially,
> abnormal.
> >>> Dr. Karl Menninger
> >>>
> >>>
> >
> >
>
--
--------------------------------
The adjuration to be "normal" seems shockingly repellent to me; I see
neither hope nor comfort in sinking to that low level. I think it is
ignorance that makes people think of abnormality only with horror and allows
them to remain undismayed at the proximity of "normal" to average and
mediocre. For surely anyone who achieves anything is, essentially, abnormal.
Dr. Karl Menninger
