![]() |
![]() ![]() |
![]() |
uplate |
![]()
Post
#1
|
Member ![]() ![]() Group: Members Posts: 21 Joined: 10-October 07 Member No.: 391 ![]() |
Hey Serge,
I was wondering if there is currently a way or if it is part of future plans to implement a simple security mechanism. I don't want unwanted requests to my AMIP server or to my ClientService implementation. I realize this is not a problem for most people as they probably use both the client and server components within a single, close network. However, I am likely to use AMIP on one network and the client on another, meaning communications will occur through unsecured paths, and I will have to expose the necessary server ports to WAN. I was thinking perhaps an authentication method could be added to both the AMIP MyService and client ClientService, perhaps something like: CODE RCF_METHOD_V1(void, authenticate, std::string ); And it could be toggled at both endpoints (amip configurator, ac.dll) to require authentication or not. Although I think this would require rewriting of amip to return an error if exec,eval,etc. are attempted prior to successful authentiation... For now, I will just bind the servers on non-default ports, or tunnel the traffic through SSH :-P. Thanks, Max |
Serge |
![]()
Post
#2
|
![]() AMIP Developer ![]() ![]() ![]() Group: Root Admin Posts: 935 Joined: 12-March 06 Member No.: 1 ![]() |
Yes, such feature is planned. RCF has built-in functionality for limiting access from the specified list of IP addresses and I may use it in the future versions.
authenticate method is also a good idea, but should be based on md5 challenge, for example, to avoid passing clear text password across the network. |
uplate |
![]()
Post
#3
|
Member ![]() ![]() Group: Members Posts: 21 Joined: 10-October 07 Member No.: 391 ![]() |
nice that sounds good :-)
|
![]() ![]() |