Loading ...
Sorry, an error occurred while loading the content.

1397Re: [soaplite] Preventing package name traversal attacks

Expand Messages
  • Joe Landman
    Apr 9, 2002
    • 0 Attachment
      On Tue, 2002-04-09 at 15:28, David Wright wrote:
      >
      > What we need is a way to just turn off autodispatch at the server side.

      More than that, you need some level of access control for the object.
      This should be done at the SOAP level before the object is ever called.

      Basically need to set up something like this

      %access_control_list = (
      'public' => qw(method1 method2 ... methodN class1 class2 ...
      classN),
      'restricted' => {
      'restricted_method1' => {
      'users' => qw(user1 user2 ... userN),
      'hosts' => qw(host1 host2 ... hostn domain1 domain2 ...
      domainN),
      'logging' => "logfile"
      }
      );
      SOAP::Lite->set_access_control('object' => 'name', 'acl' =>
      %access_control_list);

      Or something similar.

      >
      >
      >
      > To unsubscribe from this group, send an email to:
      > soaplite-unsubscribe@yahoogroups.com
      >
      >
      >
      > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
      >
    • Show all 9 messages in this topic