Marty,
> Allen Biocca (ALS) requested that the access security rules
> should accept a host
> name OR inet address. This sounds like a valid request.
The raw network addresses, when they are known, should definitely be
considered to be better identification than the ASCII host names. The AS
document should probably be updated to say that "a higher level of
security is maintained if the user provides IP addresses instead of host
names, or if the access security system is able to convert host names to
IP addresses during initialization".
We need to be careful about how this is implemented if we would like to
allow EPICS to be used with different networking systems in the future.
For example, IP V6 has different network addresses than what is commonly
used today with internet programs. Currently I am using the class
caNetAddr and also the structure osiSockAddr to abstract network
addresses in public APIs. The osiSockAddr structure is specific to the
sockets API and perhaps isn't generic enough for this purpose. I will
need to research this further.
> The other request is let a PCAS application know the inet
> address of a client.
> Andrew thinks that this is what caSnooper needs. Ken can
> correct me if this is
> wrong.
This is a similar issue, but with some additional considerations. In the
access security situation I suspect that only rsrv and the gateway
currently use the access security interface so we can easily change it.
However with the cas API many different codes use it so I need to be
careful. The problem is that Ken was getting things out of the casCtx by
making its definition available to the server tools. However, there are
many things in this class that should not be seen or used by the server
tools, and I never intended to provide, the server tools with a public
definition of this class. Nevertheless, I think that I see a simple
solution which I will be implementing in the next few weeks. Sorry that
this was not fixed earlier, but there have been other things that needed
to be addressed first. In particular, I am looking at the gateway
performance issues.
Jeff
> -----Original Message-----
> From: Marty Kraimer [mailto:[email protected]]
> Sent: Wednesday, November 27, 2002 6:31 AM
> To: Jeff Hill
> Cc: Johnson, Andrew N.; [email protected]; Ralph Lange; Marty
> Kraimer
> Subject: INET address
>
> Two similar requests
>
> Allen Biocca (ALS) requested that the access security rules
> should accept a host
> name OR inet address. This sounds like a valid request.
>
> Thus instead of
>
> HAG(hag1) {mercury}
>
> The user could specify
>
> HAG(hag1) {164.54.8.12}
>
> The other request is let a PCAS application know the inet
> address of a client.
> Andrew thinks that this is what caSnooper needs. Ken can
> correct me if this is
> wrong.
>
> Thus both requests amount to finding the inet addresss of a
> client.
>
> For access security it means RSRV must make it available.
> Currently RSRV calls
>
> asAddClient(asClientPvt,asMemberPvt,asl,user,host)
>
> This could be changed to
>
> asAddClient(asClientPvt,asMemberPvt,asl,user,host,inetAddr)
>
> What do you think?
>
> Marty
- References:
- INET address Marty Kraimer
- Navigate by Date:
- Prev:
Re: base max thread priority Eric Norum
- Next:
RE: base max thread priority Jeff Hill
- Index:
<2002>
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
- Navigate by Thread:
- Prev:
INET address Marty Kraimer
- Next:
Gateway Marty Kraimer
- Index:
<2002>
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
| 
·
Home
·
News
·
About
·
Base
·
Modules
·
Extensions
·
Distributions
·
Download
·