DB design document
Derek Atkins
warlord@MIT.EDU
22 Dec 2000 14:15:00 -0500
<linas@linas.org> writes:
> uhh, I am not an expert, but: what about the daemons rpciod, lockd,
> rpc.statd, portmap? Last I understood, these had a variety of ways
> to be hijacked, via replay attacks, bogus udp packets, etc.

Um... rpciod, lockd, and rpc.statd are all NFS daemons. Yes, they are
built on top of RPC but none of them are required for RPC to operate
(they are required for NFS to operate).

I concede that portmap is a core RPC service, however you don't have
to use it. You can specify your own udp/tcp port and use that
directly. Portmap is only really used if you want to bind an rpc
service to any particular port, not really caring which port number it
is.

> I also thought they introduced considerable latency: viz, having to
> look up a service on one port number, (using udp, no less), and then
> another, and then yet another lookup, just to find the service.

Not exactly. If you do use portmap (which I wouldn't ;) then yes, you
have one extra round trip to ask the portmap on the remote machine
what port a particular service is. So you only have one extra round
trip, not two.

> This was supposed to be fixed by WebNFS, but since WebNFS never
> happened ...

Well, no.. WebNFS was supposed to allow anonymous NFS service via
HTTP. It was not supposed to provide arbitrary RPC service over HTTP.

> Never mind that ssl-izing these daemons is not obviously 'easy'.

Nor is it "obviously easy" to SSL-ize Corba. ;)

> 2) I'm anti-corba for reasons described in
> http://www.vbxml.com/xml/articles/dotnetintro/default.asp
> Basically, it's the fast-setting concrete issue: if the client
> and the server aren't exactly the same version number, they have
> trouble communicating. (same remark for rpc). The beauty
> of xml-layered-on-http is that you have wiggle room that you have
> explicit control over: you can support different versions,
> different major & minor revision levels, without a lot of hassle
> or tears. (viz. a whole lot less hassle & tears than corba)
> At least that's the theory. Ask me again in 5-10 years.

Yea, this can be a problem with RPC and Corba. What it means is that
you have to know what version of objects the client/server maintain,
and use that "version" of the protocol. I can think of a few ways of
doing that, but if you have a client and server that don't talk the
same protocol, you lose. But that's true of anything, not just corba
and rpc.

> --linas

-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
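
The portmap lookup discussed in this message, as an added example that is not part of the original email: it builds the ONC RPC GETPORT call (RFC 1833) and parses a reply, which is the one extra round trip a client skips when the service port is agreed in advance. The program number, port, xid values and the sample reply are constructed for illustration.

```python
import struct

# Constants from RFC 5531 (ONC RPC) and RFC 1833 (portmap, version 2).
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
CALL, REPLY, RPC_VERSION = 0, 1, 2
MSG_ACCEPTED, SUCCESS, AUTH_NONE = 0, 0, 0
IPPROTO_TCP = 6

# Constructed sample values, not taken from the thread.
SERVICE_PROG, SERVICE_VERS, SERVICE_PORT = 0x20000001, 1, 5001

def rpc_call(xid, prog, vers, proc, args=b""):
    """Build an RPC call message with AUTH_NONE credential and verifier."""
    header = struct.pack(">6I", xid, CALL, RPC_VERSION, prog, vers, proc)
    auth_none = struct.pack(">2I", AUTH_NONE, 0)  # flavor, zero-length body
    return header + auth_none + auth_none + args

def getport_call(xid, prog, vers, proto):
    """The one extra round trip: ask portmap where prog/vers listens."""
    mapping = struct.pack(">4I", prog, vers, proto, 0)  # port field is ignored
    return rpc_call(xid, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT, mapping)

def parse_getport_reply(data, expected_xid):
    """Return the port from a GETPORT reply; 0 means 'not registered'."""
    if len(data) < 28:
        raise ValueError("too short for a successful GETPORT reply")
    xid, mtype, reply_stat, _flavor, vlen = struct.unpack_from(">5I", data)
    # The xid is what ties a reply to its call; reject anything else.
    if xid != expected_xid or mtype != REPLY:
        raise ValueError("reply does not match the outstanding call")
    if reply_stat != MSG_ACCEPTED:
        raise ValueError("call was denied")
    offset = 20 + ((vlen + 3) & ~3)  # skip the verifier body, XDR-padded
    if len(data) < offset + 8:
        raise ValueError("truncated reply")
    accept_stat, port = struct.unpack_from(">2I", data, offset)
    if accept_stat != SUCCESS:
        raise ValueError("portmap did not execute the call")
    return port

# Constructed reply, as portmap would send it for the lookup below.
SAMPLE_REPLY = struct.pack(">7I", 0x1234, REPLY, MSG_ACCEPTED,
                           AUTH_NONE, 0, SUCCESS, SERVICE_PORT)

if __name__ == "__main__":
    lookup = getport_call(0x1234, SERVICE_PROG, SERVICE_VERS, IPPROTO_TCP)
    print(len(lookup), "byte GETPORT call to portmap on port 111")
    print("service port:", parse_getport_reply(SAMPLE_REPLY, 0x1234))
    direct = rpc_call(0x1235, SERVICE_PROG, SERVICE_VERS, 0)
    print(len(direct), "byte call sent straight to port", SERVICE_PORT)
```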