[OpenAFS-devel] Check for CellServDB and AFSDBRR correctness?

Ted McCabe ted@MIT.EDU
Tue, 10 Jul 2001 12:20:10 -0400


Before my point gets lost in the below reply, I was only trying to 
provide examples in which the set of servers found by querying them 
directly with Harald's tool shouldn't be considered authoritative 
over the published set.

At 10:07 AM -0400 7/9/01, Jeffrey Hutzelman wrote:
>On Fri, 6 Jul 2001, Ted McCabe wrote:
>>  If the dbservers could be set up to not point clients to the
>>  sync-site, then one might also do it so that clients using the
>>  published list would have readonly access to the dbs.  That may be
>>  desired for clients outside some tightly controlled environment.
>
>This is a bogus argument.  Security through obscurity is worse than no
>security at all.  If you don't want clients making changes, then don't
>give them the bits.

Agreed that security through obscurity is bogus.  But I didn't say 
that the reason was due to security - it could be due to policy, for 
example, that the sysadmin can't affect but must abide by.  Or, 
another example, perhaps there's a firewall that prevents outside 
access to the machines that might be sync site.

This was a second example tho', so my point is still valid if you 
want to believe that no site would desire to publish a strict, 
non-sync, subset of their dbservers.

>>  Since the dbservers do direct write requests to the sync-site, I
>>  expect the client happily uses the pointer it gets.  It might
>>  explicitly check against the published list, I've not looked at the
>>  code, but there's not much point to check since it has no reason to
>>  not trust the forwarding info.
>
>The dbservers don't tell you who the sync site is.  If you try a write
>request on not the sync site, you get UNOTSYNC, and it's up to you to find
>the sync site.  The Ubik client library will do this for you, but it only
>makes a VOTE_GetSyncSite call if there are at least four dbservers;
>otherwise it uses simple iteration.

Ah, I forgot that VOTE_GetSyncSite was only used by the client if 
there were less than 4 dbservers.  In any case, that is what I was 
referring to.

    --Ted
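
Added example, not part of the original message and not OpenAFS code: a simplified model of the client lookup described in the quoted reply (UNOTSYNC from a non-sync server, a VOTE_GetSyncSite query only with at least four dbservers, plain iteration otherwise), applied to the thread's case of a published list that omits the sync site. The class, function and server names are hypothetical, and the model assumes a hint naming a server outside the client's list is not followed.

```python
# Simplified model of the client behaviour described in the thread; not OpenAFS code.
UNOTSYNC = "UNOTSYNC"  # symbolic stand-in for the Ubik error code of that name

class DbServer:
    """Toy dbserver: accepts a write only when it is the sync site."""
    def __init__(self, name, sync_site):
        self.name, self.sync_site = name, sync_site

    def write(self):
        return "OK" if self.name == self.sync_site else UNOTSYNC

    def get_sync_site(self):
        # Stands in for the VOTE_GetSyncSite call named in the thread.
        return self.sync_site

def client_write(published, sync_site):
    """Try a write using only the published server list.

    Returns (server that accepted the write or None, trace of events).
    """
    servers = {n: DbServer(n, sync_site) for n in published}
    use_hint = len(published) >= 4   # "at least four dbservers"
    queue, tried, trace = list(published), set(), []
    while queue:
        name = queue.pop(0)
        if name in tried:
            continue
        tried.add(name)
        result = servers[name].write()
        trace.append((name, result))
        if result == "OK":
            return name, trace
        if use_hint:
            hint = servers[name].get_sync_site()
            if hint in servers:
                queue.insert(0, hint)      # jump straight to the sync site
            else:
                # Assumption: a hint naming a server off the list is not followed.
                trace.append((hint, "hint not in published list"))
    return None, trace

# Constructed sample cells (server names are placeholders).
SMALL = client_write(["db1", "db2", "db3"], "db3")
LARGE = client_write(["db1", "db2", "db3", "db4", "db5"], "db5")
SUBSET = client_write(["db1", "db2", "db3", "db4"], "db-sync")
```

In the SUBSET case every write attempt ends in UNOTSYNC, so whether a client stays read-only depends on it never contacting the unpublished server, which is a property of reachability or server-side authorization rather than of the list.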