Code review comment for ~epics-core/epics-base/+git/asLib:as-hostname

Bruce Hill (bhill) wrote :

Successfully tested this patch w/ pvAccess gwdev branch and pva2pva d7314ea from mdavidsaver.

Tested IOC and ca-gateway instances w/ asCheckClientIP=0 and asCheckClientIP=1.
ca-gateway was based on R2-1-1-0 with inline code to set asCheckClientIP.

No changes were needed to pcas version 4.13.2.

With asCheckClientIP=0, a hacked caput can bypass ASG RULES using hostnames.
With asCheckClientIP=1, caput can only spoof username.

For pvput and IOC testing:
With asCheckClientIP=0, all ASG RULES using HAG deny write access.
With asCheckClientIP=1, pvput works same as CA for all UAG and HAG based ASG RULES. (Didn't test variables in RULES or spoofing username in pvput.)

Also tested w/ new p4p gateway as a client while p4p gateway is running its own access security.
