Is there any built in security for servers responding to net-eval? It seems like if someone can get behind a firewall the whole game is up and they now have the same access to the net-eval server as the user account running the daemon.
If there is not built-in security, could we implement some (aside from writing my own server)? Something like a simple one-way encrypted token that is passed as a switch to the daemonizing command? Then the token would have to be passed in to net-eval.
Security and net-eval
I think this is a good point. Even if I'm behind a firewall, I need to implement a security system to protect newLisp from the attacks that could come from behind the firewall (a.k.a. from inside the company self!).
Some hints:
1) It could be interesting if I could write a function that will be called EVERYTIME a net-eval arrives in the running server. In this way I could create a script to check incoming requests.
2) Creating an IP black list (similar to ALLOW and DENY inside Apache).
3) A system with a key (or username/password) to detect if a request is valid (or with something like a token).
4) ... and https? :-)
Some hints:
1) It could be interesting if I could write a function that will be called EVERYTIME a net-eval arrives in the running server. In this way I could create a script to check incoming requests.
2) Creating an IP black list (similar to ALLOW and DENY inside Apache).
3) A system with a key (or username/password) to detect if a request is valid (or with something like a token).
4) ... and https? :-)
--
Sometimes ago I found a very good article by Carl Sassenrath how to create a secure system to validate a user, without transmitting it over web:
http://www.rebol.net/cookbook/recipes/0019.html
This could be a great way to validate a client without expose client password ;-)
http://www.rebol.net/cookbook/recipes/0019.html
This could be a great way to validate a client without expose client password ;-)
--