Feature #120

Updated by Eric Allman about 1 year ago

Currently applications access HONGD by connecting directly to a MariaDB (or MySQL) server and running a query. This presents a huge attack surface for a relatively limited function. Ideally this would be accessed using the GDP network protocol itself. This presents some issues:

* How does a client find the name of HONGD in the first place? It can't do so by asking HONGD.
* How does HONGD determine whether the caller has appropriate permissions? For example, the creation service has the ability to add entries, but regular clients are read-only. This probably requires signed commands (see Issue #119). #117).