170 Re: client-server forwarding trickery
- Apr 4, 2001
--- In soaplite@y..., Paul Kulchenko <paulclinger@y...> wrote:
> Hi, Michael!
> Interesting question, but it seems like you don't need SOAP server
> that will forward requests, you just need to have simple proxy that
> will forward request to SOAP server unavailable from internet.
> Probably it would be better to do without involving two servers,
> otherwise you'll need to parse your request twice without visible
> benefits. Accept HTTP request, check SOAPAction if required (for
> better security), forward HTTP message to SOAP server, execute
> message (match SOAPAction with content of the message), send response
> back and finally forward this response to the destination. You may
> also provide several transports and ticket-based authentication, if
> http is unavailable for you for any reason, you may send your request
> by smtp or even ftp as soon as you have valid ticket. Am I missing
No, you have the essence of the problem. I just don't know how to go
about writing the 'simple proxy that will forward request to SOAP
server' (and forward results back to the Internet), so I wanted to
exhaust existing methods before venturing off into unknown
territory...next stop, Perl Monks.
Thanks for your help!
> Best wishes, Paul.
> --- "Brutsch, Michael" <mbrutsch@i...> wrote:
> > I'm trying to solve a security issue with running CGIs as root. I'm
> > writing an app to remotely manage a linux box, and I'd like to use
> > SOAP.
> > Problem is, the server needs to run as root (or suid scripts, or in
> > *some* way have access to root privs) to perform sysadmin
> > functions:
> > Remote SOAP client <-soap-> Local SOAP server
> > What I'd like to do, is place another process in-between, which has
> > NO privileges, and acts as a 'forwarder' between the remote client
> > and the privileged server:
> > Remote SOAP client <-soap-> Local 'forwarder' <----> Local SOAP server
> > This way, the only connection to the outside world is the local
> > forwarder, and since it has no privs, compromising it would not
> > compromise the box (i.e., buffer overflow drops you into a 'nobody'
> > shell, instead of a 'root' shell).
> > I have the first example working beautifully, with several
> > transports.
> > My question: Is there an easy way to code a SOAP::Lite
> > 'client/server'
> > that can sit between a client and a server, and just forward
> > requests
> > (and results) back and forth?