[Users] [Carpet] checkpoint at run-time request
Thomas Radke
tradke at aei.mpg.de
Mon Oct 30 12:39:06 CST 2006
Steve White wrote:
> Erik,
>
> I didn't finish my overhaul of the thorn. (My understanding is, a student
> will be assigned to it any moment now.)
>
> The corrections I made were mostly in the HTML generation code.
> I don't think I did much work on the file in question.
>
> As to the code Frank points out in Authorisaton.c, yes that is a bug.
>
> As to a security audit or something: never mind that. The whole thing
> is little more than a proof-of-concept; it was never intended to be secure
> in any sense.
>
> A good solution would be to run this interface through some secure
> channel, which would check user's credentials and encrypt everything.
> This shouldn't be hard; maybe the D-Grid guys are working on
> something like that. (?)
Indeed, monitoring/steering methods for Cactus are on our list (for next
year). For sure they will also provide secure access and user
authentication/authorisation.
However, what Frank and Erik probably meant by 'secure access' is more
likely safety in terms of code stability, I guess. You fixed quite some
bugs in the HTML generation code by introducing your SString routines.
Apparently these routines aren't used everywhere so there are
potentially still bugs left in the code - one of them was pointed out by
Frank.
It would be good if someone could just go through all the code in
HTTPD/HTTPDExtra and make use of SString routines consistently. You said
you have a student for this job ?
--
Cheers, Thomas.
More information about the Users
mailing list