Credit: James Edward Gray II
You want to keep everybody in the world (literally!) from having access to your DRb service. Instead you want to control which hosts can, and cannot, connect.
Heres the simple shared hash from Recipe 16.10, only this time its locked down with DRbs ACL (access control list) class:
#!/usr/bin/ruby # acl_hash_server.rb require drb require drb/acl # Setup the security--remember to call before DRb.start_service() DRb.install_acl(ACL.new(%w{ deny all allow 192.168.1.* allow 127.0.0.1 } ) ) # Start up DRb with a URI and a hash to share shared_hash = {:server => Some data set by the server } DRb.start_service("druby://127.0.0.1:61676", shared_hash) puts Listening for connection… DRb.thread.join # Wait on DRb thread to exit…
If you bind your DRb server to localhost, itll only be accessible to other Ruby processes on your computer. Thats not very distributed. But if you bind your DRb server to some other hostname, anyone on your local network (if youve got a local network) or anyone on the Internet at large will be able to share your Ruby objects. You e probably not feeling that generous.
DRbs ACL class provides simple white/blacklist security similar to that used by the Unix /etc/hosts.allow and /etc/hosts.deny files. The ACL constructor takes an array of strings. The first string of a pair is always "allow" or "deny", and its followed by the address or addresses to allow or deny access.
String addresses can include wildcards ("**"), as shown in the solution, to allow or deny an entire range of addresses. The ACL class also understands the term "all," and your first address should be either "deny all" or (less likely) "allow all". Subsequent entries can relax or restrict access, as needed.
In the Solution above, the default is to deny access. Exceptions are carved out afterwards for anyone on the local IP network (192.168.1.**) and anyone on the same host as the server itself (127.0.0.1). A public DRb server might allow access by default, and deny access only to troublesome client IPs.
Strings
Numbers
Date and Time
Arrays
Hashes
Files and Directories
Code Blocks and Iteration
Objects and Classes8
Modules and Namespaces
Reflection and Metaprogramming
XML and HTML
Graphics and Other File Formats
Databases and Persistence
Internet Services
Web Development Ruby on Rails
Web Services and Distributed Programming
Testing, Debugging, Optimizing, and Documenting
Packaging and Distributing Software
Automating Tasks with Rake
Multitasking and Multithreading
User Interface
Extending Ruby with Other Languages
System Administration