Re: [leshan-dev] Authorization and Authentication

[Ching Shi <ctienshi@xxxxxxxxx>]

Hi All,

I am in a bit of a confusion here. When there are multiple clients connected to the leshan server, i can view each clients details without the requirement of any credentials. Isn't there a security vulnerability here? Because each client could view other clients details. Could someone please this to me.

Thanks

Ching Tien Shi

Department of Computer Engineering

Faculty Of Engineering

University Of Peradeniya - Sri Lanka

On Tue, Dec 6, 2016 at 9:29 AM, Ching Shi <ctienshi@xxxxxxxxx> wrote:

Thank you for the information

Ching Tien Shi

Department of Computer Engineering

Faculty Of Engineering

University Of Peradeniya - Sri Lanka

On Mon, Dec 5, 2016 at 4:14 PM, Simon Bernard <contact@xxxxxxxxxxxxxxx> wrote:

We use DTLS authentication (Scandium implementation).

Authorization is done by Leshan (see SecurityInfo[1] and RegistrationHandler[2]). We will also provide a way to hook you own authorization rules.

[1]https://github.com/eclipse/leshan/blob/master/leshan-server-core/src/main/java/org/eclipse/leshan/server/security/SecurityInfo.java
[2]https://github.com/eclipse/leshan/blob/master/leshan-server-core/src/main/java/org/eclipse/leshan/server/registration/RegistrationHandler.java#L144

Le 05/12/2016 à 06:52, Ching Shi a écrit :

Hi All,

Could I please know how the Leshan Server handles authorization and authentication when multiple clients are connected to the server?

Thank You

_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev

_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev