[Carpet] checkpoint at run-time request

Frank Loeffler frank.loeffler at aei.mpg.de
Mon Oct 30 14:01:53 CET 2006

Previous message: [Carpet] checkpoint at run-time request
Next message: [Carpet] checkpoint at run-time request
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

> On Oct 18, 2006, at 09:15:59, Bela Szilagyi wrote:
>> I know there is the web-interface  
>> option of
>> steering parameters, but I never trusted that enough to try...

>> More generically, it would be quite useful to have a simple,  usable, and
>> trustworthy way of modifying parameters of a run, while it's  
>> running.

Erik Schnetter wrote:
> Cactus has a web server thorn.

I think this is what Bela meant by 'web interface' and what is somehow 
connected to 'insecure' in my mind - without reasons to directly put my 
finger on at the moment. Does someone already did a security audit on this?

A quick look did not increase my trust in this thorn, one example:

CactusConnect/HTTPD/src/Authorisation.c line 196:

decoded_size = HTTP_b64_pton(token, (unsigned char *) decoded,
                                      DECODED_SIZE);
/* Null terminate string */
decoded[decoded_size] = 0;

while the decoded_size could be -1. This looks wrong to me - or at least 
not careful.

Frank

Previous message: [Carpet] checkpoint at run-time request
Next message: [Carpet] checkpoint at run-time request
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the developers mailing list