I’ve been playing with DRb a fair bit lately, am planning to use it as
part of a Rails-to-XMPP integration project. XMPP is relatively costly
to authenticate with, and one of the ways around that is to login only
once and then have every Rails instance talk via DRb to that single
instance. And of course the other benefit of having the clients online
24/7 is that it would allow me to affect the state of my application
and give live feedback via XMPP messages and commands.
Of course, DRb in itself provides no real security. But because of the
nature of some of the applications I want to make possible, I do want
to provide some basic protection against some of the more obvious kinds
of attacks which occur.
The first aspect of this is encrypting the traffic which I can use SSL
for. Although I’m not particularly keen on having to generate a
certificate just to run this lightweight server… some lighter
encryption would be preferable but I’ll take what’s available. Once I
have SSL up, at least I can assume that people won’t be able to spy on
the messages which are being sent back and forth.
The next aspect is some kind of basic authentication. Really, what I
want is just a secret key that the client has to pass in in order to
get access to my remote objects. But, I don’t want to have to add that
secret key to every method.
One idea I came up with, which is simple but probably not very good:
def initialize(treasure, key)
@treasure = treasure
@key = key
def unlock(key) if @key == key return @treasure else return nil # I suppose an exception would be better. end end
Then I serve the Chest instance up as the remote object, and this way
the “real” server (the treasure) doesn’t have to have the password
added to all its methods, but I get an icky feeling that it opens the
door to someone somehow “remembering” the remote reference to the
treasure and getting a direct reference to it somehow after the
password is changed.
How do people usually do this sort of thing? Is there a