On 25/07/2012 09:26, Sam Skipsey wrote:
> On 25 July 2012 09:20, Jens Jensen <[log in to unmask]> wrote:
>> I can open the directory with a browser and view the contents - neat!
>> Works with a browser that presents a certificate, not with one that doesn't.
>>
>> I can also read the file with my plain ol' cert which has no attributes
>> or anything.
>>
>
> I'd expect this, if the functionality is anything like the DPM WebDAV
> implementation - VOMS is a bit alien to basic https authentication, so
> I suspect the "default" StoRM https auth just looks at the certificate
> itself.
Actually this makes sense - sort of - doesn't StoRM depend on the
underlying filesystems for most of its security anyway? I seem to
remember some of the early discussions of GPFS.
OTOH you may actually want to protect the file from being read by joe
random certificate user. We may need to figure this out before the VOs
will be keen on us providing https interfaces?
Cheers
-j
--
Scanned by iCritical.
|