How to discover other domain hosts using rtps_discovery - ssl

Recently, I have been trying hard to use OpenDDS SSL over a WAN network, but all my attempts have failed.
This is caused by the inability to find different hosts.
I realized one thing. OpenDDS security should use rtps_discovery, not InfoRepo, and it is difficult to find two hosts in different subnetworks via rtps_discovery.
I have searched SourceForge, GitHub, and Stack Overflow about discovering hosts with the rtps_discovery option, but no one has succeeded this way.
https://sourceforge.net/p/opendds/mailman/message/36320180/
https://github.com/objectcomputing/OpenDDS/issues/854
So, my question is how to find the host using rtps_discovery on the WAN network.
Here is my ini file:
[common]
DCPSGlobalTransportConfig=$file
DCPSSecurity=1
[domain/4]
DiscoveryConfig=uni_rtps
[rtps_discovery/uni_rtps]
SedpMulticast=0
ResendPeriod=2
SpdpSendAddrs=publisher's IP:56789
[transport/the_rtps_transport]
transport_type=rtps_udp
use_multicast=0
local_address=subscriber's IP:55555
Please give me some ideas to solve this problem.
Is it really impossible to discover hosts in different subnetworks via rtps_discovery?

I finally succeeded in communicating using RTPS discovery!
I just had to set the SpdpSendAddrs attribute to port 8410,
like this:
[common]
DCPSGlobalTransportConfig=$file
DCPSSecurity=1
[domain/4]
DiscoveryConfig=uni_rtps
[rtps_discovery/uni_rtps]
SedpMulticast=0
ResendPeriod=2
SpdpSendAddrs=subscriber's IP:8410
[transport/the_rtps_transport]
transport_type=rtps_udp
use_multicast=0
But my new question is how to confirm that this security function works properly.
When I capture packets with Wireshark, I can see that the data is not encrypted.
I used the OpenDDS Messenger security example.
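
Why port 8410 works for domain 4, as an added example that is not part of the original posts: the RTPS specification derives the SPDP unicast port from the domain ID and participant ID, and OpenDDS rtps_discovery uses the same default constants (PB, DG, PG, D0, D1). The checker below is hypothetical helper code; the sample ini and its 192.0.2.10 address are constructed, and a comma-separated SpdpSendAddrs list is assumed.

```python
import configparser

# RTPS well-known port parameters (specification defaults, which OpenDDS
# rtps_discovery also uses unless overridden in the ini file).
PB, DG, PG, D0, D1 = 7400, 250, 2, 0, 10

def spdp_multicast_port(domain_id):
    return PB + DG * domain_id + D0

def spdp_unicast_port(domain_id, participant_id):
    return PB + DG * domain_id + D1 + PG * participant_id

def check_spdp_send_addrs(ini_text, max_participants=8):
    """Map (domain, 'host:port') to the participant ID listening there, or None."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep the case of OpenDDS option names
    cfg.read_string(ini_text)
    results = {}
    for section in cfg.sections():
        if not section.startswith("domain/"):
            continue
        domain_id = int(section.split("/", 1)[1])
        disc = "rtps_discovery/" + cfg[section]["DiscoveryConfig"]
        addrs = cfg.get(disc, "SpdpSendAddrs", fallback="")
        for addr in filter(None, (a.strip() for a in addrs.split(","))):
            port = int(addr.rsplit(":", 1)[1])
            match = next((p for p in range(max_participants)
                          if spdp_unicast_port(domain_id, p) == port), None)
            results[(domain_id, addr)] = match
    return results

# Constructed sample: the failing port from the question and the working one.
SAMPLE_INI = """\
[common]
DCPSSecurity=1
[domain/4]
DiscoveryConfig=uni_rtps
[rtps_discovery/uni_rtps]
SedpMulticast=0
ResendPeriod=2
SpdpSendAddrs=192.0.2.10:56789,192.0.2.10:8410
"""

if __name__ == "__main__":
    for (domain, addr), pid in check_spdp_send_addrs(SAMPLE_INI).items():
        note = f"participant {pid}" if pid is not None else "no default SPDP listener"
        print(f"domain {domain}: {addr} -> {note}")
```

For domain 4 the first participant on a host (ID 0) listens on 7400 + 250*4 + 10 = 8410, and each further participant on the same host adds 2, so an arbitrary port such as 56789 reaches no SPDP listener.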

Related

Hadoop Security using SSL for data In transit - Use of hadoop.ssl.hostname.verifier

I am trying to understand the use of hadoop.ssl.hostname.verifier. As per https://hadoop.apache.org/docs/r2.7.4/hadoop-project-dist/hadoop-common/core-default.xml there are these possible values. The hostname verifier to provide for HttpsURLConnections. Valid values are: DEFAULT, STRICT, STRICT_I6, DEFAULT_AND_LOCALHOST and ALLOW_ALL
The associated codebase at https://github.com/c9n/hadoop/blob/master/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java also describes the values a bit more, but I am trying to see where I should see this in the log messages or what the associated impact is. The https endpoints for the namenode or any other services do not seem to show any difference in responses. I would appreciate it if someone can tell me how to test the impact of the different values.

Nifi, processor group. How to map all allowed path to just one listening port of different headers

Lemme come straight into this.
Well, I have implemented Nifi to localhost. It's working well and everything seems to be perfect.
I have made many different flows with headers of course within the cluster as below.
[Image: Cluster]
When I right-click the header, go to "View configuration" and then "Properties", I see the following.
[Image: Processor details]
You can see the "Listening Port" that is 10004 and a "hostname" as well. Then there is "Allowed path" as can be seen.
Now If I want to access this specific header I have to hit using 10.0.0.18:10004/spec/transform.
Now the issue is, I have many different headers which each have a different listening port that is assigned by me. NiFi is not allowing me to assign the same port for every flow I make, but I have to assign a different port every time I make a new flow. I just want to assign port 10004 to every other flow and just differentiate them using the "Allowed path".
How can I make this possible? I always have to assign a new port to every new flow. Is there a way to do that? I hope you understand what I am actually trying to achieve. I hope to have your answers soon.
Thank you
You can have one HandleHttpRequest at the beginning of your flow listening on port 10004, and set the "Allowed Paths" property to a regular expression that matches all of the paths you want to support. HandleHttpRequest will add the path as an attribute to each flow file named "http.context.path", so you could then use a RouteOnAttribute to route each path to a different part of the flow.
As Bryan Bende said, but in NiFi 1.14.0 that attribute is: http.request.uri

returning absolute vs relative URIs in REST API

Suppose the DogManagementPro program is an application written in a client/server architecture, where the customer who buys it is supposed to run the server on his own PC and access it either locally or remotely.
Suppose I want to support a "list all dogs" operation in the DogManagementPro REST API.
So a GET to http://localhost/DogManagerPro/api/dogs should fetch the following response now:
<dogs>
<dog>http://localhost/DogManagerPro/api/dogs/ralf</dog>
<dog>http://localhost/DogManagerPro/api/dogs/sparky</dog>
</dogs>
When I want to access it remotely on my local LAN [the local IP of my machine is 192.168.0.33],
what should a GET to http://192.168.0.33:1234/DogManagerPro/api/dogs fetch?
Should it be:
<dogs>
<dog>http://localhost/DogManagerPro/api/dogs/ralf</dog>
<dog>http://localhost/DogManagerPro/api/dogs/sparky</dog>
</dogs>
Or perhaps:
<dogs>
<dog>http://192.168.0.33/DogManagerPro/api/dogs/ralf</dog>
<dog>http://192.168.0.33/DogManagerPro/api/dogs/sparky</dog>
</dogs>
?
Some people argue that I should sidestep the problem altogether by returning just a path element like so:
<dogs>
<dog>/DogManagerPro/api/dogs/ralf</dog>
<dog>/DogManagerPro/api/dogs/sparky</dog>
</dogs>
What is the best way?
I've personally always used non-absolute urls. It solves a few other problems as well, such as reverse / caching proxies.
It's a bit more complicated for the client though, and if they want to store the document as-is, it may imply they also now need to store the base url, or expand the inner urls.
If you do choose to go for the full-url route, I would not recommend using HTTP_HOST, but set up multiple vhosts and an environment variable, and use that.
This solves the issue if you later on need proxies in front of your origin server.
I would say absolute URLs created based on the Host header that the client sent:
<dogs>
<dog>http://192.168.0.33:1234/DogManagerPro/api/dogs/ralf</dog>
<dog>http://192.168.0.33:1234/DogManagerPro/api/dogs/sparky</dog>
</dogs>
The returned URIs should be something the client is able to resolve.
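
The two approaches from the answers above side by side, as an added example that is not part of the original posts: absolute links are built from the client's Host header only when it matches a server-side allowlist (otherwise from a configured base, as the first answer suggests), and path-only links are resolved by the client against the URL it requested. `ALLOWED_HOSTS`, `CONFIGURED_BASE` and the function names are hypothetical.

```python
from urllib.parse import urljoin

# Hypothetical server settings: the host[:port] values this server is really
# reachable on, and a fallback base (e.g. read from an environment variable).
ALLOWED_HOSTS = {"localhost", "192.168.0.33:1234"}
CONFIGURED_BASE = "http://localhost"

def link_base(host_header):
    """Trust the client-supplied Host header only if it is allowlisted."""
    host = (host_header or "").strip().lower()
    if host in ALLOWED_HOSTS:
        return "http://" + host
    return CONFIGURED_BASE

def dog_links(host_header, names, absolute=True):
    """Server side: build the <dog> link values for the given dog names."""
    paths = ["/DogManagerPro/api/dogs/" + name for name in names]
    if not absolute:
        return paths  # path-only variant: no host information needed
    base = link_base(host_header)
    return [base + path for path in paths]

def resolve(request_url, link):
    """Client side: resolve a returned link against the URL that was fetched."""
    return urljoin(request_url, link)

if __name__ == "__main__":
    request_url = "http://192.168.0.33:1234/DogManagerPro/api/dogs"
    # Absolute links follow the Host header the LAN client sent.
    print(dog_links("192.168.0.33:1234", ["ralf", "sparky"]))
    # A Host value outside the allowlist never ends up in the response.
    print(dog_links("unknown.example", ["ralf"]))
    # Path-only links resolve to the same absolute URLs on the client.
    for path in dog_links(None, ["ralf", "sparky"], absolute=False):
        print(resolve(request_url, path))
```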

Change IP Address using Visual Basic

How can you change your IP address using Visual Basic, please? I haven't been able to find anything useful anywhere, so I was just wondering if I could get some help on here?
I'm not on about the external IP address. I know that cannot be changed (I have a static one from my ISP). I'm on about changing the internal IP address... for example changing from: 192.168.1.150 to 10.0.0.125
Thanks
Chris
You could use some Windows scripting. It gets a little messy but you could create the script in VB.Net, write it to your hard drive and then execute it. When done, you can delete the script.
Here is an example of a script that changes the IP Address (and some other related fields):
http://www.wincert.net/forum/topic/40-change-ip-configuration-via-vb-script/
Then, you would execute it in VB.Net by calling
Process.Start("<The path of your .vbs file here>")
Good luck.
Your IP Address is leased to you via your ISP when you go online - you can't just "change it". If your ISP uses Dynamic IP leasing, you can switch off your router/modem for around 5 minutes, and reconnect - at which point you'll receive a new IP.
The only way to replicate this via VB would be to disconnect the user from a modem-based service within your application. But in this case, I'd hazard a guess that clicking the "disconnect" button would be an easier solution for the user.
You may not need to write any script to do this. And you don't need 2 network adapters as the only way to do this. In Windows the network adapter can be assigned several IP addresses at the same time. Go into network properties, IPv4 TCP/IP settings, Advanced. You can put in several IP addresses and masks. So if you have one PC but are using 2 different networks, just put 2 addresses in, then use whichever network is connected normally.
If you have a network gadget like a new router and it's on 192.168.0.200 and you know it's going to be set to 10.1.1.x after you log in, assign the computer 2 IPs like 192.168.0.100 and then 10.1.1.100.

Using the RDP control to login to a Vista machine that requires Network Level Authentication

I'm trying to use the mstscax.dll (Microsoft Remote Desktop Control) to login to a Vista machine that requires Network Level Authentication.
I've played around with all the methods in IMsRdpClientNonScriptable4, IMsRdpClientAdvancedSettings4 and IMsRdpClient6. There are a slew of functions that appear as though they might enable this.
EnableCredSspSupport
PromptForCredentials
PromptForCredsOnClient
NegotiateSecurityLayer
Unfortunately the MSDN documentation is practically useless and I can find no examples for any of these on the web. I know that it's possible because a product called "Royal TS" can connect this way.
One hint is that both "Royal TS" and Vista's Remote Desktop create an authorization prompt that looks like the one from CredUIPromptForWindowsCredentials; this makes me believe that I might be able to use a function like that to get the credential and then possibly use PublisherCertificateChain to tell RDP about it.
Any ideas would be helpful.
So if other people find this:
All that needs to be done is EnableCredSspSupport=true, the problem I had was that I was loading the mstscax.dll manually and the version I was using supported the IMsRdpClientNonScriptable4 interface but simply didn't work. If you just load the control normally just setting EnableCredSspSupport=true works fine.
This property may help you:
RDPControl.AdvancedSettings8.EnableCredSspSupport = true;
In addition, it also depends on whether your OS supports Network Level Authentication or not.
Reference (http://technet.microsoft.com/en-us/library/ff393716(v=ws.10).aspx)
I've never tried to do what you're doing but I suggest you take a look at the following article:
Multi Remote Desktop Client .NET
The project uses mstscax.dll.