Honglin Ye wrote:
Murray Altheim wrote:


Honglin Ye wrote:
[...]


xml-security is a too-big topic. I am thinking about how to prevent unwanted
queries. As it stands now, anyone who knows the hostName and portNumber
can query/update documents inside, by using either a command-line tool or
a slightly modified Java API. (Assume that he is inside the firewall, or
he is outside the firewall but the port used is open.)


But you can do that in your application, not in Xindice. There's
no need to pollute Xindice's code base with every single need there
is out there. There's about ten ways to handle this before you ever
need to modify things at the database layer.

Murray

I did not demand to pollute Xindice. While you mentioned ten ways to accomplish that, I only need one. The easier the better. Can anyone let me know how to hide Xindice from querying using a command-line tool?

These are just off the top of my head as I type them:

  1. write a small proxy to sit between the actual Xindice port and
     the proxy (public) port. This could probably be accomplished
     with less than a thousand lines of code (I wrote a tiny HTTP
     server in about 500-600).
  2. create an IP access control list to filter access via incoming
     IP addresses
  3. use a user-based system:
      a. via username-password
      b. via domain-based filtering
  4. extend one or two of Xindice's classes to enable data flow based on
     any number of factors.
  5. use a cookie-based system (i.e., if the user query doesn't have
     the right cookie, deny service)
  6. encrypt all data stored in Xindice (prior to going into Xindice)
     and give the keys only to trusted clients
  7. extend the client to require a preliminary handshaking, where
     the server challenges the client to produce a hash.
  8. make the port available only within your LAN/WAN
  9. use existing proxies to keep out intruders
 10. require access only via a downloaded client that uses any number
     of secure methods to gain access to the server (hashes, passwords,
     etc.)
 11. alter the query itself to include a hash prefix. The formula
     to the hash is only known to you and trusted clients.

I dunno. This is five minutes' effort. I'm sure I could think of
more. I'm sure others could too.

Murray

......................................................................
Murray Altheim                    http://kmi.open.ac.uk/people/murray/
Knowledge Media Institute
The Open University, Milton Keynes, Bucks, MK7 6AA, UK               .

 "I'm a war president. I make decisions here in the Oval Office
  in foreign policy matters with war on my mind." -- George W. Bush
  http://news.bbc.co.uk/1/hi/world/americas/3470139.stm

 "This is the new Mein Kampf. Only Hitler did not have nuclear
  weapons. It's the scariest document I've ever read in my life."
        -- Dr. Helen Caldicott, referring to the Project for the
  New American Century report entitled "Rebuilding America's
  Defenses: Strategy, Forces and Resources For a New Century"
  http://home.earthlink.net/~platter/neo-conservatism/pnac.html

    "This report proceeds from the belief that America should seek
     to preserve and extend its position of global leadership by
     maintaining the preeminence of U.S. military forces." [op. cit.]

    "[...] and advanced forms of biological warfare that can target
     specific genotypes may transform biological warfare from the
     realm of terror to a politically useful tool." [op. cit.]

 "This is a blueprint for US world domination."
  http://www.guardian.co.uk/comment/story/0,3604,1036571,00.html
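
Added example, not part of the original thread or of Xindice: a sketch of the admission logic a small proxy (item 1) could run before forwarding a connection, combining the IP access list of item 2 with the challenge handshake of item 7. The names `ProxyGate`, `ALLOWED_NETS` and `SHARED_KEY` are hypothetical, the sample networks and key are constructed, and the "hash" is assumed to be HMAC-SHA256 over a random challenge with a pre-shared key.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

# Constructed sample values: the networks and the key are placeholders.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]
SHARED_KEY = b"constructed-demo-key-replace-me"
CHALLENGE_TTL = 30  # seconds a challenge stays valid


def ip_allowed(addr: str) -> bool:
    """Item 2: accept only peers whose address is in the allow list."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_NETS)


def client_response(key: bytes, challenge: bytes) -> str:
    """Client side of item 7: keyed hash (HMAC-SHA256) over the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).hexdigest()


class ProxyGate:
    """Decides whether the proxy may forward a connection to the database port."""

    def __init__(self, key: bytes, now=time.monotonic):
        self._key = key
        self._now = now
        self._pending = {}  # challenge -> (peer address, expiry time)

    def issue_challenge(self, peer: str):
        """Return a fresh random challenge, or None if the peer's IP is refused."""
        if not ip_allowed(peer):
            return None
        challenge = secrets.token_bytes(16)
        self._pending[challenge] = (peer, self._now() + CHALLENGE_TTL)
        return challenge

    def verify(self, peer: str, challenge: bytes, response: str) -> bool:
        """Accept one correct answer per challenge; replayed or stale ones fail."""
        issued = self._pending.pop(challenge, None)  # single use
        if issued is None or issued[0] != peer or self._now() > issued[1]:
            return False
        expected = client_response(self._key, challenge)
        return hmac.compare_digest(expected.encode(), response.encode())
```

Because each challenge is random and removed on first use, a captured response cannot be replayed, and a client that merely knows the host name and port gets nothing forwarded.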



