durusmail: durus-users: Suggestion: multiple storages and access control
Suggestion: multiple storages and access control
Jesus Cea
2006-05-16
For a future durus release.

I would like to be able to specify a database/user/key when a client
connects to the server. So I could give remote access without worry, and
only opening a single port for all my durus databases.

I already have a working (but ugly) implementation, like this:

a. When a client connects, it gets a challenge from the server. The
client sends (database,user,challenge result). So, the key never travels
in the clear. The server answers with an "OK" or "ERROR". If "OK", the
rest of the connection will use the current durus protocol.

b. When the server launches, it launches a thread for each storage it
manages. Each thread implements a "normal" durus server. The main thread
simply waits for connections. When a connection comes, the server sends
a challenge. If the answer is fine, it transfers the file descriptor to
the appropriate server thread. The rest of the protocol is the standard
durus protocol.

A "better" implementation should allow instructing the server to launch
new storage threads or kill old ones, change
user/password/databases, etc. Maybe implementing the control data over
its own durus storage, sort of a metastorage. The listening thread could
implement the policy when a client connects, refreshing the cached data
with a "connection.abort()" just after the "socket.accept()".

As ever, I volunteer for the job, if necessary :).

PS: Would be very nice also if some database/user/pass would be read only.

--
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea@argo.es http://www.argo.es/~jcea/ _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:jcea@jabber.org         _/_/    _/_/          _/_/_/_/_/
                               _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
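The handshake described in step (a) of the message, sketched as an added example that is not part of the original post or of Durus. It assumes HMAC-SHA256 as the challenge function and a constructed in-memory credential table with a read-only flag (the PS); every name below is hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample table: (database, user) -> (shared key, read_only).
# The layout is an assumption for this example, not Durus configuration.
CREDENTIALS = {
    ("accounts", "alice"): (b"constructed-key-alice", False),
    ("accounts", "report"): (b"constructed-key-report", True),
}
# Key used for unknown (database, user) pairs so the work done is the same.
_DUMMY_KEY = secrets.token_bytes(32)


def new_challenge() -> bytes:
    """Server: fresh random nonce, one per connection, valid for one attempt."""
    return secrets.token_bytes(32)


def challenge_result(key: bytes, database: str, user: str, challenge: bytes) -> bytes:
    """Client and server: MAC over the claimed database, user and the nonce.

    Each field is length-prefixed so ("ab", "c") cannot collide with ("a", "bc").
    Binding database and user stops a result being reused for another storage.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (database.encode(), user.encode(), challenge):
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


def server_verify(challenge: bytes, database: str, user: str, result: bytes):
    """Server: answer ("OK", read_only) or ("ERROR", None); the key never travels."""
    key, read_only = CREDENTIALS.get((database, user), (_DUMMY_KEY, None))
    expected = challenge_result(key, database, user, challenge)
    matches = hmac.compare_digest(expected, result)  # constant-time comparison
    if matches and read_only is not None:
        return ("OK", read_only)
    return ("ERROR", None)


if __name__ == "__main__":
    nonce = new_challenge()                      # server -> client
    answer = challenge_result(b"constructed-key-alice", "accounts", "alice", nonce)
    print(server_verify(nonce, "accounts", "alice", answer))            # server reply
    print(server_verify(new_challenge(), "accounts", "alice", answer))  # replayed answer
```

The exchange authenticates the connection only; the Durus traffic that follows on the transferred file descriptor is neither encrypted nor integrity-protected by it.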