Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [leshan-dev] Authorization and Authentication

Oups sorry I mean : "leshan-server-demo is just a demo."


Le 07/12/2016 à 10:46, Simon Bernard a écrit :

if you are talking about the leshan-server-demo. This is not just a demo.

See the readme[1] :

Leshan provides libraries which help people to develop their own Lightweight M2M server and client.
The project also provides a client, a server and a bootstrap server demonstration as an example of the Leshan API and for testing purpose.

[1]https://github.com/eclipse/leshan/blob/master/README.md

Le 07/12/2016 à 10:21, Ching Shi a écrit :
Hi All,

I am in a bit of a confusion here. When there are multiple clients connected to the leshan server, i can view each clients details without the requirement of any credentials. Isn't there a security vulnerability here? Because each client could view other clients details. Could someone please this to me.

Thanks



Ching Tien Shi
Department of Computer Engineering
Faculty Of Engineering
University Of Peradeniya - Sri Lanka


On Tue, Dec 6, 2016 at 9:29 AM, Ching Shi <ctienshi@xxxxxxxxx> wrote:
Thank you for the information

Ching Tien Shi
Department of Computer Engineering
Faculty Of Engineering
University Of Peradeniya - Sri Lanka


On Mon, Dec 5, 2016 at 4:14 PM, Simon Bernard <contact@xxxxxxxxxxxxxxx> wrote:

We use DTLS authentication (Scandium implementation).

Authorization is done by Leshan (see SecurityInfo[1] and RegistrationHandler[2]). We will also provide a way to hook you own authorization rules.

[1]https://github.com/eclipse/leshan/blob/master/leshan-server-core/src/main/java/org/eclipse/leshan/server/security/SecurityInfo.java
[2]https://github.com/eclipse/leshan/blob/master/leshan-server-core/src/main/java/org/eclipse/leshan/server/registration/RegistrationHandler.java#L144


Le 05/12/2016 à 06:52, Ching Shi a écrit :

Hi All,

Could I please know how the Leshan Server handles authorization and authentication when multiple clients are connected to the server?

Thank You


_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________ leshan-dev mailing list leshan-dev@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev

Back to the top