SAMP environment variables

Mark Taylor m.b.taylor at bristol.ac.uk
Thu Jun 25 03:01:13 PDT 2009 

On Thu, 25 Jun 2009, Luigi Paioro wrote:

> Hi Mark,
> 
> > > >    MType:
> > > >       client.env.get
> > > >    Arguments:
> > > >       name (string) - environment variable name
> > > >    Return values:
> > > >       value (string) - value of env variable "name" in receiver's
> > > > environment
> 
> -- omission --
> 
> > I hadn't thought of that.  Anybody with a SAMP connection to a hub
> > which you're connected to already has the potential to do harmful
> > things (for instance load unwanted images into your image viewer),
> > so the scenarios I've been thinking of assume that connected clients
> > are reasonably trusted (it's why the samp.secret is present in a
> > user-only-read file in the lockfile).  However I know that you've
> > been thinking of more distributed scenarios, so there may be some
> > important issues here.  Restricting accessible variables by namespace
> > would be possible in any case (though the MType definition gets
> > a bit more messy).
> 
> 
> I've thought to a possible compromise. The MType could be left as you have
> proposed without special restrictions. Locally it can be assumed that the
> connected clients are trusted, since it is reasonably true for the Standard
> Profile. In those cases where a more distributed scenario is involved, it is
> responsibility of the "distributed profile" developers to guarantee the
> security of the system, for example allowing to connect with the Hub only
> authorised applications (e.g. through Basic Authentication over a TCL channel
> or through certificates). Does it sound good?

Luigi,

I think that's a good way forward.  Really, many of the remote control
facilities provided by SAMP clients are at least mild security risks
(for instance a hostile SAMP client could mount a denial-of-service
attack on running SAMP applications by flooding the hub with 
samp.app.ping notifications), so it makes sense for any profile 
to implement basic restrictions on who can connect, i.e. not have 
a policy which allows any untrusted client from a remote host to
register with the hub.

Mark

-- 
Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/

More information about the apps-samp mailing list