Run
method (or, in C programs, the corresponding C function of the type WAIRunFunction
) in your web service application class.
This section discusses some of the potential security concerns that may arise from the way in which the web server finds your application process. Before you enable WAI on your server, make sure to read this chapter thoroughly.
How the Server Finds Your Application
When you start up your WAI application for the first time, your application registers with the web server's built-in name service. The web server saves the information with the name service.
In order to access your service, end users enter a URL (or click on a link) that contains the name of your service. When this URL is requested, the web server uses its built-in name service to find the registered WAI application with the same name. The server then invokes the Run
method in your web application service class.
For example, when you start the WASP example (which is provided with the web server) for the first time, the example registers itself to the web server with the name WASP
(for the C++ example) or JavaWASP
(for the Java example). End users can access the service through the URL http://
hostname
:
port
/iiop/WASP
(or JavaWASP
).
By default, the basic object adapter (BOA) in the web server is set to listen only to the local host (the loopback address, 127.0.0.1), not to a network IP address. This configuration assumes that you plan to run your web application services on the same machine as your web server.
Although it is possible to enable the web server's BOA to accept requests from remote machines, you should be aware of the potential security issues surrounding this configuration before choosing to set up your web server in this way. The rest of this chapter explains these potential security concerns.
Potential Security Concerns
When running WAI applications with your web server, the following scenarios could occur:
For example, suppose you are running the WASP example. Someone else
could write a program that registered itself under the same name (WASP)
and run the program on the web server's host machine. If the original
WASP application terminates, the web server's name service will find the
other service registered as WASP, and the web server will use that service.
osagent
can also register WAI applications if the name service is down. To configure
osagent
to accept connections only from the local host
machine, specify the -a option with the argument 127.0.0.1 (localhost):
osagent -a 127.0.0.1
obj.conf
file for your server, find the Init
directive that calls the IIOPinit
function. Use the OAipaddr
parameter to specify the IP address that the BOA uses. For example, if you want the BOA set up to use the IP address 204.200.215.98 instead of the local hosr, use the following syntax:
Init LateInit="yes" fn="IIOPinit" OAipaddr="204.200.215.98"For more information, see "Configuring the Web Server's ORB".
(3.0 only) Running osagent
If you are not restricting the ORB to the local host machine only, you do not need to specify the -a
flag when running the osagent
utility.
This flag restricts osagent
to finding WAI applications on the local host machine only. Without this flag specified, osagent
will be able to find applications running on any machine in your local network.
Last Updated: 12/04/97 16:12:44
Any sample code included above is provided for your use on an "AS IS" basis, under the Netscape License Agreement - Terms of Use