durusmail: durus-users: Re: [QP] specifying host for scgi, durus, etc.
 
Re: [QP] specifying host for scgi, durus, etc.
2006-04-01
David Binger
2006-04-01
mario ruggier
2006-04-01
mario ruggier
2006-04-01
David Binger
2006-04-03
Jesus Cea
2006-04-04
Thomas Guettler
2006-04-04
David Binger
Re: [QP] specifying host for scgi, durus, etc.
mario ruggier
2006-04-01
On Apr 1, 2006, at 1:59 PM, David Binger wrote:
> On Apr 1, 2006, at 4:07 AM, mario ruggier wrote:
>> On Mar 31, 2006, at 12:55 PM, David Binger wrote:
>>
>>> Okay, I see that the behavior really is different on your FreeBSD
>>> machines
>>> than it is on OS X or Linux.  We need to figure out how to localize
>>> those other
>>> services on FreeBSD.  The Durus server, in particular, must not be
>>> available on a public interface.
>>
>> Here, just for the hack of it, is one fun way to workaround this...
>
> That is an interesting idea for addressing the problem of non-compliant
> cllients crashing the durus server, but non-compliant clients can also
> just stop the durus server from serving others.  Worse, a *compliant*,
> but unauthorized cllient has direct access to everything that you have
> stored.

Just to clarify a little for this list, as the discussion initiated on
the QP list, at:
http://mail.mems-exchange.org/durusmail/qp/109/

The problem is that if you do a non-compliant request on the durus port
(for example an http request, that I have actually done myself by
mistake) then the durus server shuts itself down. This becomes a real
issue when the durus port is exposed on the public interface, as, due
to a FreeBSD problem, happens in a FreeBSD jail even when binding with
127.0.0.1.

I am reposting the QP publisher code that checks the durus
server/connection on each request, and restarts if necessary:

     def process_hit(self, hit):
         ''' Ensure that the durus server is up, and that this
publisher's
         connection is good. To trigger the potential exception, we do a
         systematic abort() at the start of each request, that is anyway
         a good durus practice.
         '''
         try:
             self.get_connection().abort()
         except socket.error:
             from sys import exc_info
             socket_err_code = exc_info()[1].args[0]
             if socket_err_code == 54:
                 print 'Connection reset by peer... restarting durus
server.'
                 self.site.stop_durus()
                 self.site.start_durus()
             if socket_err_code in (32,54):
                 print 'Broken pipe... resetting durus connection.'
                 durus_address = self.site.get_durus_address()
                 if durus_address:
                     durus_host, durus_port = durus_address
                     from durus.client_storage import ClientStorage
                     from durus.connection import Connection
                     self.connection = Connection(
                         ClientStorage(port=durus_port, host=durus_host),
                         cache_size=self.site.get_durus_cache_size() )
             self.log_exception()
         qp.pub.publish.Publisher.process_hit(self, hit)
reply