[DGD] Developing a network daemon
Shentino
shentino at gmail.com
Thu Sep 10 01:19:02 CEST 2009
On Wed, Sep 9, 2009 at 2:09 PM, Felix A. Croes <felix at dworkin.nl> wrote:
> Shentino <shentino at gmail.com> wrote:
>
> >[...]
> > Problems:
> >
> > * Preventing the network daemon from being spoofed to DGD, possible
> > workarounds listed
> > - use a unix socket protected by filesystem perms to establish the
> > control socket
>
> DGD doesn't do unix sockets, so this would still require a patch.
>
My mistake, I should have been more verbose.
By unix socket I was referring to a named socket on the fs, hence using the
fs perms to guard it.
Something like /tmp/sock0001
>
> > - use public key crypto to authenticate
>
> Overkill. Anyone who can snoop traffic on localnet can also snoop the
> private key from program memory. A simple password will suffice.
>
> > * Lack of knowhow implementing a decent multiplexer
>
> Don't multiplex outbound connections, have a different (authenticated)
> connection from the network daemon to DGDMP for each. That will be much
> more efficient, MP-wise.
>
Right, I was referring to multiplexing inside the driver itself.
Probably should have said "one program handling multiple i/o streams
simultaneously".
I suppose I'd have to make everything non-blocking.