< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

Re: [repro-devel] WebAdmin domain

From: "Scott Godin" <slgodin@xxxxxxxxxxxx>
Date: Wed, 28 Nov 2007 09:02:55 -0500

In general we attempt to minimize Mutex use in the stack - I think that
change will raise some flags.  Having 2 security objects means having two
sets of certificates cached in memory.  I think we should try to avoid this.

Can you describe your architecture goals more clearly?  What is the purpose
of this separation?  In my view, architectural changes should be minimized
or discussed clearly on the list first, in order to have the best chance at
integration into the main line SVN.  

I was not involved in the original architecture of repro - so I'd like to
hear others opinions after you have clarified things.

Thanks,
Scott

-----Original Message-----
From: Ruslan Radvansky [mailto:prostoruslan@xxxxxxxxx] 
Sent: November 28, 2007 4:40 AM
To: Scott Godin
Subject: Re[2]: [repro-devel] WebAdmin domain

Hello Scott,

Tuesday, November 27, 2007, 4:23:26 PM, you wrote:

> Sounds OK to me.  

> Note:  The realm parameter passed to WebAdmin is used for two purposes:
> 1.  Realm advertised in WWW-Authenticate: Basic realm HTTP header - the
> realm is not actually used in the web authentication a1hash - so it
> shouldn't factor into this.
> 2.  Default domain for cert server, if not specified as URL parameter

I found only one place where used realm parameter: When we request
certificate
page from WebAdmin (http://localhost:5080/cert.cer) realm used as default
domain
certificate page, when we don't query domain explicitly
("http://localhost:5080/cert.cer?domain=... ").

> Out of curiosity, what actual problem are you seeing with the realm
> parameter changing from from one domain to another?

1)      Currently I not see any problem, but if WebAdmin will be extended in
future,
problem can be created.
2)      Currently I work on dividing repro on two part: Application and
Proxy core.
I think that application consist database (AbstractDb and descendants,
registration database)
and management tool (WebAdmin). Application will create Store and
InMemoryRegistrationDatabase
objects and initialize with its Proxy. Therefore I think that sip domain and
web domain is
different things and must specified differently.

I have question to All. If  I want move  initializing of WebAdmin to another
place, I need
create one more instance of Security class. Is there any problem? (race
conditions or so on).
I think that I need only add static variable Mutex for  prevent simultaneous
access to files
in static function readIntoData and member function Security::onWritePEM.
Will this patch be accepted?

-- 
Best regards,
 Ruslan                            mailto:prostoruslan@xxxxxxxxx

References:
- [repro-devel] WebAdmin domain
  - From: Ruslan Radvansky
- Re: [repro-devel] WebAdmin domain
  - From: Scott Godin

Prev by Date: [repro-devel] outbound support
Next by Date: Re: [repro-devel] WebAdmin domain
Previous by thread: Re: [repro-devel] WebAdmin domain
Next by thread: Re: [repro-devel] WebAdmin domain
Index(es):
- Date
- Thread