thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ma Chao <cha...@yunrang.com>
Subject Re: How to do AUTHENTICATION with thift
Date Fri, 17 Jun 2011 13:22:48 GMT
So you mean bogus could achieve this:
Our requirement is:
Assume there are two clients called CLIENT-A and CLIENT-B and a server
SERVER.

Now, we hope only CLIENT-A which registered before in SERVER could
invoke the RPC server (SERVER). CLIENT-B can't.

Could bogus achieve this?

Thanks,

-Chao

On Fri, 2011-06-17 at 09:03 +0200, Rory McGuire wrote:
> Thrift also used to be easy to break the server by sending bogus data
> to
> it so you might want to check if thats
> changed.
> Having authentication doesn't mean much if just anyone can crash it
> with
> telnet.
> 
> Enjoy
> -Rory
> 
> On Fri, 17 Jun 2011 03:55:51 +0200, Ma Chao <chaoma@yunrang.com>
> wrote:
> 
> > OK. I see. I will try to modifying our interface. Thank you very
> much~
> > On Thu, 2011-06-16 at 09:30 -0700, Bryan Duxbury wrote:
> >> Thrift does not have authentication support. You need to add it
> into 
> >> your
> >> own interfaces manually.
> >>
> >> On Wed, Jun 15, 2011 at 6:47 PM, Ma Chao <chaoma@yunrang.com>
> wrote:
> >>
> >> > Hi guys,
> >> >
> >> > This is Chao Ma, a engineer in a small company and using thrift
> as our
> >> > RPC generator.
> >> >
> >> > We want to give authentication to the RPC client to invoke our
> RPC
> >> > server. That means only some authenticated clients can invoke our
> RPC
> >> > server.
> >> > We don't want to change the interface of RPC servers/clients what
> we
> >> > have. So the best thing is thrift supports it natively.
> >> >
> >> > I don't know how to achieve this with thrift. Could you guys help
> me?
> >> > Any solution and idea is appreciated :-)
> >> >
> >> > Thank you very much!
> >> >
> >> > Chao.
> >> >
> >> >



Mime
View raw message