Feature #120
Updated by Eric Allman over 4 years ago
Currently applications access HONGD by connecting directly to a MariaDB (or MySQL) server and running a query. This presents a huge attack surface for a relatively limited function. Ideally this would be accessed using the GDP network protocol itself. This presents some issues:
* How does a client find the name of HONGD in the first place? It can't do so by asking HONGD.
* How does HONGD determine whether the caller has appropriate permissions? For example, the creation service has the ability to add entries, but regular clients are read-only. This probably requires signed commands (see Issue #119). #117).