"Distributed programming with Ruby" Reading notes two Security and ID Conversion (part1.1-2)

Source: Internet
Author: User

    • Security
      • Although DRb provides some security, it falls short of a full, comprehensive solution. This can make DRb less than desirable in a lot of real-world situations. However, in situations where security is a lesser concern, such as prototyping and intranet applications.
      • Safe mode to disable all eval()-related calls
          • First, we retrieve a new remote object from the server. Then we undefine the instance_eval method on this remote object. Because of how DRb works, as we learned earlier, when a method does not exist on the local copy of the remote object, the method is invoked on the server side. So on the last line, when we call the instance_eval method and pass it the to-be-evaluated String "`rm -rf *`", we are telling the remote server to forcibly, and recursively, remove all files on the server.
          • It's best to run your "server" code with a safe mode of at least 1: $SAFE = 1. This disables eval() and related calls on strings passed across the wire. Now, if you were to run our malicious client again, you would get the following error:
            •     SecurityError: Insecure operation - instance_eval
          • Comment: How do I set safe mode? Check the next part (ACL)
      • Access Control Lists (ACLs)
        • Only deny 192.168.1.7
          • acl = ACL.new(%w{deny 192.168.1.7})
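
How the one-entry rule above behaves next to a default-deny list, as an added example that is not from the book or the original notes. The subnet, the sample peer addresses and the helper names `peer` and `acl_report` are constructed for illustration.

```ruby
require 'drb/acl'

# Rule from the notes: block a single address. ACL.new defaults to
# ACL::DENY_ALLOW, which accepts any peer that matches neither list.
BLOCKLIST = ACL.new(%w[deny 192.168.1.7])

# Default-deny variant (addresses constructed for this example). Under
# ACL::ALLOW_DENY, deny entries are checked first and unmatched peers are refused.
ALLOWLIST = ACL.new(
  %w[deny 192.168.1.7 allow 192.168.1.0/24 allow 127.0.0.1],
  ACL::ALLOW_DENY
)

# Same shape as Socket#peeraddr: [family, port, hostname, ip].
# IP entries in an ACL are compared against the fourth element.
def peer(ip)
  ['AF_INET', 0, ip, ip]
end

# Evaluate both ACLs for a list of peer IPs without opening any sockets.
def acl_report(ips)
  ips.to_h do |ip|
    [ip, { blocklist: BLOCKLIST.allow_addr?(peer(ip)),
           allowlist: ALLOWLIST.allow_addr?(peer(ip)) }]
  end
end

SAMPLE_PEERS = %w[192.168.1.7 192.168.1.20 127.0.0.1 203.0.113.50].freeze

acl_report(SAMPLE_PEERS).each do |ip, r|
  puts format('%-14s blocklist=%-5s allowlist=%s', ip, r[:blocklist], r[:allowlist])
end

# To enforce a list on a server, install it before starting the service:
#   DRb.install_acl(ALLOWLIST)
# $SAFE has no special behavior from Ruby 3.0 on, so connection-level
# controls such as this ACL carry more of the load on current Rubies.
```
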
      • DRb over SSL (Secure Sockets Layer)
      • In its simplest form, SSL works like this: the client makes an SSL request to the server. The server says, "Here's my public key. Use it to encrypt your request, and I, the server, will use my private key to decode it."
      • For this part there is an example that changes the "Hello World" application to accept only trusted SSL connections. For details, check the book.

      • ID Conversion
        • The method of looking up an object in the ObjectSpace using the reference ID is called ID conversion.
        • DRb ships with three built-in ID converters: DRb::DRbIdConv, DRb::TimerIdConv, and DRb::GWIdConv. It is also possible to build your own ID converter.
        • Built-in ID Converters
          • We only look at DRb::DRbIdConv and DRb::TimerIdConv. The general consensus on the DRb::GWIdConv converter was that it was extremely complicated to set up, prone to failure, and quite slow.
          • DRb::DRbIdConv
          • DRb::DRbIdConv is the default ID converter when dealing with DRb. The default ID converter, DRb::DRbIdConv, simply uses the object_id of the object to determine its reference. That reference ID is then used to look up the object in the ObjectSpace and then invoke the requested message.
            • Example
            • Server
            • Client
            • Output
              • Client
              • Server
            • As we can see, the object_id in the server printout matches the @ref instance variable on the DRbObject we received from the server. This is the default.
          • DRb::TimerIdConv
          • The default ID converter, DRb::DRbIdConv, has one downside. If you're not careful, referenced objects on the server can become garbage-collected and are no longer available when the client tries to reference them.
          • The only difference between DRb::TimerIdConv and DRb::DRbIdConv is that DRb::TimerIdConv tells the server to keep its objects alive for a certain amount of time after they were last accessed. The default length of keep-alive is 600 seconds, or ten minutes.
            • Server
          • A better approach to solving the garbage-collection problem lies in your architecture. Don't take an object from the server and hold onto it in the client for any longer than you absolutely need to. Retrieve the object from the server, use it, and then get rid of it. If you want to make sure you have access to this same referenced object minutes, hours, or days later, you should consider writing your own custom ID converter that stores your objects in something other than the ObjectSpace.
        • Building Your Own ID Converter
        • Why would we want to? Perhaps we want to have some sort of signature in the ID so we can tell by looking at it where it originated. Perhaps we are using a database as our object store on the server, and we want the primary key for the database row as the ID. Or perhaps we just want to be different.
          • Example: append hw: to the object_id for our objects so we know that those objects came from the HelloWorldServer
          • Change server code like:
          • Client would output:
        • Using Multiple ID Converters
        • When you install a converter using the DRb.install_id_conv method, you tell DRb that all services in that Ruby VM are now to use this particular ID converter.
        • If you want to use multiple ID converters, the start_service method takes a third parameter, a Hash of configuration parameters. One parameter in the list of available parameters is :idconv, which tells DRb to use a particular ID converter for that service.
          • Modify server code to:
          • Client
          • Output
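
The custom-converter ideas above (an origin prefix in the ID, storage outside the ObjectSpace, a keep-alive window, per-service install via :idconv) combined in one converter, as an added example that is not from the book or the original notes. The class name `RegistryIdConv`, the random-token scheme and the injectable clock are assumptions of this example.

```ruby
require 'securerandom'

# Added example. DRb only calls #to_id and #to_obj on a converter, so this
# class runs without loading DRb. Class name and defaults are assumptions.
class RegistryIdConv
  PREFIX = 'hw:' # origin tag, as in the notes' example

  def initialize(keeping: 600, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @keeping = keeping # seconds an unused reference stays valid
    @clock = clock     # injectable so expiry can be tested
    @by_ref = {}       # ref => [object, last_access]
    @by_oid = {}       # object.__id__ => ref
    @lock = Mutex.new
  end

  # Server -> client: issue (or reuse) a random reference for the object.
  def to_id(obj)
    @lock.synchronize do
      sweep
      ref = (@by_oid[obj.__id__] ||= PREFIX + SecureRandom.hex(16))
      @by_ref[ref] = [obj, @clock.call]
      ref
    end
  end

  # Client -> server: resolve only references this converter issued.
  def to_obj(ref)
    @lock.synchronize do
      sweep
      entry = ref.is_a?(String) ? @by_ref[ref] : nil
      raise RangeError, 'unknown or expired reference' unless entry
      entry[1] = @clock.call
      entry[0]
    end
  end

  private

  # Drop entries not used within the keep-alive window so they can be collected.
  def sweep
    now = @clock.call
    @by_ref.delete_if do |_ref, (obj, seen)|
      expired = now - seen > @keeping
      @by_oid.delete(obj.__id__) if expired
      expired
    end
  end
end
# Per-service use: DRb.start_service(uri, front, { idconv: RegistryIdConv.new })
```

Because lookups go through the converter's own table, a raw object_id or a made-up string sent by a client raises RangeError instead of resolving to an arbitrary server object.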