Top things to see in first ALFS
gerard at linuxfromscratch.org
Wed Feb 2 07:21:49 PST 2005
On Wed, 2005-02-02 at 06:09, Matthias Berndt wrote:
> server i also can manipulate profiles. IMO profiles are not more or less
> secure then simple commands.
True both are equally (in)secure. The problem is how Jamie said it. The
client can't decide what commands the server should run. If you do this,
then the ui process has to know of each server what it has installed and
has available. Take jamie's [download] tag as an example.
It could be downloaded using curl, wget, you can add more options like
lynx, links, elinks, ncftp, other programs. The server's daemon process
will know what it has available since when alfsd was built, it was told
to use wget or curl or something of that nature. The userinterface
doesn't know about this. It tells the daemon "you have to download this
file and I don't care how you do it, just do it." That means sending an
instruction to download, rather than a command to download it. alfsd can
be dynamically linked with a library like curl so there doesn't perse
have to be a command to execute to download a file.
The ui process should decide what to do. The daemon process decides
*how* to do it as long as it gets done, somehow. The daemon might be a C
program that doesn't use command line programs to copy files and uses
C's own copy/link/unlink calls.
> Oh ... wait ... have i misunderstood something and we are talking about
> an XML based client/sever communication?
Maybe, if we're on the same wavelength. The communication is the
> The client has to parse the profile to give the user a chance of
> intervention. After that you want so send the profile to the server
> with some additional information about what and how to be executed and
> the server has to parse the profile again. IMO sensless duplicated work.
Duplicated work yes. But more flexible for the above outlined reasons.
We could argue if the ui process could skip parsing the profile and just
send it as-is. It will get an error from the daemon process if it's
invalid. That would save some time.
/* If Linux doesn't have the solution, you have the wrong problem */
More information about the alfs-discuss