[Spread-users] secure spread from JAVA

Jonathan Stanton jonathan at cnds.jhu.edu
Fri Aug 6 14:38:33 EDT 2004


On Fri, Aug 06, 2004 at 01:38:38PM -0400, Michael Atighetchi wrote:
> We are looking at using secure spread from JAVA. Is there a JAVA API
> similar to the one used for regular spread ?

Not that I am aware of. The Secure-spread system you download from our 
site has a lot of functionality implemented at the client library level so 
building a native Java version of that would be substantial work. It might 
be easier to write a java wrapper over the secure-spread C library.

> In addition, we'd like to be able to perform checks on the senders IP
> addresses (which makes sense in our context since we are using
> distributed firewall NICs which prevent IP spoofing). Looking at the
> current spread API, this information doesn't seem to accessible. Would
> it be hard to add this in ?

Spread itself has a modular access control system that allows you to place 
checks on what clients can connect to the daemons and request actions. 
A sample module included with spread shows how to add IP address checks. 
If you want the receiving client to know the IP address of the client who 
'sent' a message, then that is not provided by Spread. Since Spread is a 
client-server system, the client is given a unique name based on the 
daemon it connects to, not the machine running the client application. The 
only Spread process who knows the client's physical location is the daemon 
it is directly connected with.

You could establish your own 'spread private-name' -> 'ip address' mapping 
by having each client send to the others it's local IP address in the 
first message it sends after connecting. To really verify IP, you would 
also have to modify the daemon slightly to check the IP address the 
packets from directly connected clients are arriving from and make sure it 
matches what the client claims to be coming from. You could probably do 
this as an access control module which would not require any code changes 
to the daemon (it is a documented interface). 



Jonathan R. Stanton         jonathan at cs.jhu.edu
Dept. of Computer Science   
Johns Hopkins University    

More information about the Spread-users mailing list