
Re: NMControl, JSON-RPC, and REST

Posted: Wed Mar 11, 2015 9:53 am
by phelix
Should be human readable and machine readable. I would prefer to leave HTTP status codes out of the API error messages.

I would always return a dict. One can quickly check whether there is an item "error" - if it is not there then everything is fine.

---> Variant #2

Re: NMControl, JSON-RPC, and REST

Posted: Thu Mar 12, 2015 5:22 pm
by biolizard89
phelix wrote:Should be human readable and machine readable. I would prefer to leave HTTP status codes out of the API error messages.

I would always return a dict. One can quickly check whether there is an item "error" - if it is not there then everything is fine.

---> Variant #2
Sounds good, I'll see if I can have a pull request ready soon.

Re: NMControl, JSON-RPC, and REST

Posted: Sun Mar 15, 2015 4:54 am
by biolizard89
Hello phelix (or anyone else interested),

I'm trying to figure out the most efficient way of making some plugin methods "privileged" (i.e. untrusted users can't execute them). For example, starting and stopping plugins should not be possible by untrusted users. (This is particularly an issue since malicious websites can call arbitrary NMControl methods by sending HTTP requests to localhost.)

The rough idea I have is to have a list of "public" methods in each plugin, which the Bottle handler can check before calling a method. If the requested method is not in the list of public methods, then the HTTP request should fail.

This is a little bit intrusive since it involves adding one line of code to each plugin, and that line needs to be edited if any additional public methods are added later. Is there a better way that I'm not thinking of, or should we just go with that?

Cheers.

Re: NMControl, JSON-RPC, and REST

Posted: Mon Mar 16, 2015 4:22 pm
by phelix
biolizard89 wrote:Hello phelix (or anyone else interested),

I'm trying to figure out the most efficient way of making some plugin methods "privileged" (i.e. untrusted users can't execute them). For example, starting and stopping plugins should not be possible by untrusted users. (This is particularly an issue since malicious websites can call arbitrary NMControl methods by sending HTTP requests to localhost.)

The rough idea I have is to have a list of "public" methods in each plugin, which the Bottle handler can check before calling a method. If the requested method is not in the list of public methods, then the HTTP request should fail.

This is a little bit intrusive since it involves adding one line of code to each plugin, and that line needs to be edited if any additional public methods are added later. Is there a better way that I'm not thinking of, or should we just go with that?

Cheers.
I'm not quite sure I follow you... no websites should be able to call NMControl methods at all.

In Python private functions start with an underscore but it is purely a visual difference.

Re: NMControl, JSON-RPC, and REST

Posted: Sat Mar 21, 2015 7:17 am
by biolizard89
phelix wrote:
biolizard89 wrote:Hello phelix (or anyone else interested),

I'm trying to figure out the most efficient way of making some plugin methods "privileged" (i.e. untrusted users can't execute them). For example, starting and stopping plugins should not be possible by untrusted users. (This is particularly an issue since malicious websites can call arbitrary NMControl methods by sending HTTP requests to localhost.)

The rough idea I have is to have a list of "public" methods in each plugin, which the Bottle handler can check before calling a method. If the requested method is not in the list of public methods, then the HTTP request should fail.

This is a little bit intrusive since it involves adding one line of code to each plugin, and that line needs to be edited if any additional public methods are added later. Is there a better way that I'm not thinking of, or should we just go with that?

Cheers.
I'm not quite sure I follow you... no websites should be able to call NMControl methods at all.

In Python private functions start with an underscore but it is purely a visual difference.
Any website can issue an HTTP request to any REST service on any server; this is how web browsers work. In our case, the same-origin policy will prevent the website from seeing the content of the response. However, we need to make sure that NMControl will not do something stupid if it receives such a request. Most of the methods are safe, in that the worst they can do is trigger a DNS lookup (which websites can already do anyway). The main exception (in the current method set) is starting/stopping plugins, but this may change if we add other methods to NMControl in the future.

The underscore isn't really suitable, because right now NMControl already uses the underscore to indicate that a method isn't callable by the user at all. Also, we might want finer-grained control than a boolean in the future.

I think just storing a list of public methods for each plugin makes sense, unless you have a proposal for another method?

Re: NMControl, JSON-RPC, and REST

Posted: Sat Mar 21, 2015 10:08 am
by phelix
We could also use Python decorators http://thecodeship.com/patterns/guide-t ... ecorators/

Re: NMControl, JSON-RPC, and REST

Posted: Fri Mar 27, 2015 3:06 am
by biolizard89
phelix wrote:We could also use Python decorators http://thecodeship.com/patterns/guide-t ... ecorators/
Good idea. I think I've got something working now; I'll send a PR shortly.

Re: NMControl, JSON-RPC, and REST

Posted: Fri Mar 27, 2015 3:56 am
by biolizard89

Re: NMControl, JSON-RPC, and REST

Posted: Sat Mar 28, 2015 10:17 pm
by phelix
Nice trick using the func_dict. Will take a closer look and test but it will take me a while.
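
Editor's added example (not code from the thread, the pull request, or NMControl): a sketch of the decorator approach discussed above, where a marker stored in the function's attribute dict (`func_dict` in Python 2, `__dict__` in Python 3) is checked by a deny-by-default dispatcher that always returns a dict. The names `public`, `rpc_public`, `dispatch`, `DemoPlugin`, the `trusted` flag and the `"result"` key are all hypothetical.

```python
# Added illustration; every name here is hypothetical, not NMControl's API.

def public(func):
    """Mark a plugin method as callable by untrusted HTTP clients."""
    # The marker lives in the function's attribute dict
    # (func_dict in Python 2, __dict__ in Python 3).
    func.rpc_public = True
    return func


class DemoPlugin:
    """Constructed stand-in for a plugin."""

    def __init__(self):
        self.running = True

    @public
    def status(self):
        return {"running": self.running}

    def stop(self):  # privileged: deliberately left undecorated
        self.running = False
        return {"stopped": True}

    def _helper(self):  # underscore: never callable over RPC
        return {}


def dispatch(plugins, plugin_name, method_name, args=(), trusted=False):
    """Deny-by-default dispatch; the reply is always a dict.

    How a caller becomes `trusted` is outside this sketch (assumption).
    """
    plugin = plugins.get(plugin_name)
    if plugin is None:
        return {"error": "unknown plugin"}
    if method_name.startswith("_"):
        return {"error": "unknown method"}
    method = getattr(plugin, method_name, None)
    if not callable(method):
        return {"error": "unknown method"}
    # Bound methods forward attribute lookups to the underlying function,
    # so the decorator's marker is visible here.
    if not trusted and getattr(method, "rpc_public", False) is not True:
        return {"error": "method not permitted"}
    try:
        return {"result": method(*args)}
    except TypeError:  # wrong argument count, or a TypeError raised inside
        return {"error": "bad arguments"}
```

A newly added method is privileged until someone decorates it, so forgetting the decorator fails closed rather than exposing the method.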

Re: NMControl, JSON-RPC, and REST

Posted: Sat Mar 28, 2015 11:31 pm
by biolizard89
phelix wrote:Nice trick using the func_dict. Will take a closer look and test but it will take me a while.
Sure, no worries. (Anyone else want to test?)