[Ur] Patch for Basis.clientIP
Adam Chlipala
adamc at csail.mit.edu
Tue Sep 23 13:58:34 EDT 2014
On 09/23/2014 04:33 AM, Sergey Mironov wrote:
> Hi! Please, consider applying the patch for getting the IP-address of a client.
The basic functionality seems reasonable, but I have two misgivings
about this patch:
1) Allowing all [transaction] code to read the client IP address by
default bothers the capability-system nerd in me. This kind of
functionality seems roughly comparable to reading request headers, which
currently works with a configurable whitelist of headers that may be
read. Most applications will rule out reading of most headers.
2) The compiler and runtime system include a plugin system for
application protocols. Of the 4 plugins that come with the compiler, I
believe this patch will only work correctly for 1 of them, 'http'. For
at least one of them, 'fastcgi', I think the new operation will even
always return localhost, rather than signaling a runtime error! The
parameter name 'sock' for uw_request() is actually quite misleading, as
the parameter is not guaranteed to be a socket handle, even if it's
greater than -1; it's treated like a polymorphically typed parameter,
which only needs to be compatible with the 'send' parameter. (Sorry
about that grossness. :\)
More information about the Ur
mailing list