[Spread-users] secure spread from JAVA
Jonathan Stanton
jonathan at cnds.jhu.edu
Fri Aug 6 14:38:33 EDT 2004
Hi,
On Fri, Aug 06, 2004 at 01:38:38PM -0400, Michael Atighetchi wrote:
> We are looking at using secure spread from JAVA. Is there a JAVA API
> similar to the one used for regular spread ?
Not that I am aware of. The Secure-spread system you download from our
site has a lot of functionality implemented at the client library level so
building a native Java version of that would be substantial work. It might
be easier to write a java wrapper over the secure-spread C library.
> In addition, we'd like to be able to perform checks on the senders IP
> addresses (which makes sense in our context since we are using
> distributed firewall NICs which prevent IP spoofing). Looking at the
> current spread API, this information doesn't seem to accessible. Would
> it be hard to add this in ?
Spread itself has a modular access control system that allows you to place
checks on what clients can connect to the daemons and request actions.
A sample module included with spread shows how to add IP address checks.
If you want the receiving client to know the IP address of the client who
'sent' a message, then that is not provided by Spread. Since Spread is a
client-server system, the client is given a unique name based on the
daemon it connects to, not the machine running the client application. The
only Spread process who knows the client's physical location is the daemon
it is directly connected with.
You could establish your own 'spread private-name' -> 'ip address' mapping
by having each client send to the others it's local IP address in the
first message it sends after connecting. To really verify IP, you would
also have to modify the daemon slightly to check the IP address the
packets from directly connected clients are arriving from and make sure it
matches what the client claims to be coming from. You could probably do
this as an access control module which would not require any code changes
to the daemon (it is a documented interface).
Cheers,
Jonathan
--
-------------------------------------------------------
Jonathan R. Stanton jonathan at cs.jhu.edu
Dept. of Computer Science
Johns Hopkins University
-------------------------------------------------------
More information about the Spread-users
mailing list