Re: Distributed Objects client/peer identification
Re: Distributed Objects client/peer identification
- Subject: Re: Distributed Objects client/peer identification
- From: Nicko van Someren <email@hidden>
- Date: Wed, 13 Feb 2008 10:14:35 +0000
On 12 Feb 2008, at 15:38, Hamish Allan wrote:
On Feb 11, 2008 2:22 PM, Nicko van Someren <email@hidden> wrote:
What I want to do is determine what task is trying to make the
connection to my application. In particular, I want to be able to
make sure that the other end of the connection is a task belonging to
the same user (for instance because some other user is also logged in
using fast user switching).
As of Leopard, this should be taken care of. See:
http://developer.apple.com/technotes/tn2005/tn2083.html
Yup, I read that. I guess my real questions are (a) is the only way
that an existing mach port can be acquired by a process by going
through a bootstrap server (per-user or otherwise) and (b) is it
possible for a (non-root) user to get hold of the bootstrap server of
another user?
The ugly hack solution will be for the agent to put a random
challenge
in temporary file only readable by the correct user and demand that
the SysPref plug-in send it a copy of the file, but I'd still like to
know how to identify the endpoints of an NSConnection!
See:
http://developer.apple.com/documentation/Cocoa/Conceptual/DistrObjects/Tasks/delegate.html
http://developer.apple.com/documentation/Cocoa/Reference/Foundation/Classes/NSConnection_Class/Reference/Reference.html#/
/apple_ref/occ/instm/NSObject/authenticateComponents:withData:
The NSData you return could be a hash of the UID and the NSData from
the passed components salted with some shared secret.
Yup, I was planning to use that with a keyed MAC function on the
data. Frustratingly, the delegate function you point to (and it's
corresponding other side authenticationDataForComponents:) don't get
given any connection context, so I have to construct a different
delegate for each and every connection :-( Also, while this can be
used to authenticate the data that is sent it still leaves the
fundamental problem of sharing the shared secret in the first place.
Nicko
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden