[leiningen] Re: Leiningen transport based repl authorization (foundation)

  • From: Rob Browning <rlb@xxxxxxxxxxxxxxxx>
  • To: Daniel Compton <daniel.compton.lists@xxxxxxxxx>, leiningen@xxxxxxxxxxxxx
  • Date: Sun, 07 Jan 2018 22:31:33 -0600

Daniel Compton <daniel.compton.lists@xxxxxxxxx> writes:

> Can you describe more the security issues you're trying to solve here? Is
> this also intended for securing remotely exposed nREPL sessions, or only
> local access from the same machine?

Currently only intended for local access, though there's no reason the
approach wouldn't work for remote access as long as there were an
additional https/ssh/stunnel layer underneath.

And I wanted the approach to be portable, though I'd be fine with
filesystem sockets, and I'd definitely have started with them if the JVM
admitted they exist.  I'd also like for the method to be port
independent, and not require admin access.

> https://dev.clojure.org/jira/browse/NREPL-85

Indeed.  That's where I started, but as you can see, upstream would
rather see it handled elsewhere.

> https://github.com/cemerick/drawbridge

Right, and I've seen some special-casing inside reply, for example, to
accommodate it.  Though I haven't tried using it myself yet.

In the longer run, I imagine it'd be preferable to have some way to
selectively choose encryption and/or authorization, but I'd just like to
start with *something* we can agree on that makes local authorization
straightforward, and I'm absolutely volunteering my time if that will
help.

Thanks for the help
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
