[Pvfs2-developers] Batch create in sys-symlink.sm
Sam Lang
slang at mcs.anl.gov
Wed Jun 24 23:30:59 EDT 2009
On Jun 24, 2009, at 3:55 PM, Sam Lang wrote:
>
> It sounds like your approach to eliminating security holes is with
> "security by obscurity". In other words, if the client (or some
> rogue process acting as a client) does not know that the interface
> is there, he can't abuse it. I don't think that's the right
> approach, especially since PVFS is completely open source, and
> anyone can just look at the code.
Rob points out that I don't really know about your security approach,
so my above comments may not be entirely appropriate. I guess what I
was trying to say is that it wasn't clear to me from a security
perspective that moving batch_create to the server would be helpful
for you. I'd be interested to hear about your security approach
though, and will refrain from making comments about it until I have a
better understanding of it. :-)
In a different context, Phil and I have discussed the issue of the
server knowing the source of a request. It turns out this isn't an
easy thing to do, at least for BMI tcp. Phil has added some code to
BMI tcp in a separate branch that provides the functionality
internally in BMI, and it shouldn't be hard to export the info through
a get_info call. Let us know if that's something you're interested in!
-sam
More information about the Pvfs2-developers
mailing list