chanzuckerberg / shasta

[MOVED] Moved to paoloshasta/shasta. De novo assembly from Oxford Nanopore reads

Update InspectingResults.html #280

Closed 0seastar0 closed 2 years ago

0seastar0 commented 2 years ago

Spelling and grammar edits

paoloczi commented 2 years ago

I will leave it for @0seastar0 to decide what the wording should be.

Regarding checking if it is the same user, for each incoming connection I use the lsof Linux command to find the open socket on 127.0.0.1 and the port used by the Shasta server. The lsof command also returns the name of the user that owns the socket. If not the same as the user running the server, the incoming connection is closed. I don't claim this mechanism to be "secure" or elegant but it probably comes close enough for our purposes.

See HttpServer::isLocalConnectionSameUser in shasta/src/HttpServer.cpp (near line 659) for details.
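The same-user check described in the comment above, sketched as an added example that is not part of this thread and is not Shasta's own code: it parses `lsof -nP -F pun` field output (an assumed invocation) and rejects the connection unless the owner of the client socket matches the user running the server. It compares numeric UIDs rather than user names; the function names, ports and sample output are constructed for illustration.

```cpp
// Added example (not Shasta's HttpServer code); names and sample are constructed.
#include <cstdint>
#include <sstream>
#include <string>

// Parse `lsof -nP -F pun` field output (one field per line: p=PID, u=UID,
// f=descriptor, n=name) and return the UID that owns the client end of a
// loopback connection, or -1 if no such socket is listed.
long clientSocketOwner(const std::string& lsofOutput,
                       std::uint16_t clientPort, std::uint16_t serverPort)
{
    const std::string wanted = "127.0.0.1:" + std::to_string(clientPort) +
                               "->127.0.0.1:" + std::to_string(serverPort);
    std::istringstream in(lsofOutput);
    std::string line;
    long uid = -1;                      // UID of the process set being read
    while (std::getline(in, line)) {
        if (line.empty()) continue;
        const std::string value = line.substr(1);
        if (line[0] == 'p') {
            uid = -1;                   // new process: forget the previous UID
        } else if (line[0] == 'u') {
            try {
                std::size_t used = 0;
                uid = std::stol(value, &used);
                if (used != value.size() || uid < 0) uid = -1;
            } catch (...) { uid = -1; } // malformed UID counts as unknown
        } else if (line[0] == 'n' && value == wanted) {
            return uid;
        }
    }
    return -1;
}

// Fail closed: accept only if the owner was found and equals the server's UID.
bool acceptLocalConnection(const std::string& lsofOutput, std::uint16_t clientPort,
                           std::uint16_t serverPort, long serverUid)
{
    const long owner = clientSocketOwner(lsofOutput, clientPort, serverPort);
    return owner >= 0 && owner == serverUid;
}

// Constructed sample: server (PID 4242, UID 1000) listening on port 17100,
// one client owned by UID 1000 and one owned by UID 1001.
const std::string kSampleLsof =
    "p4242\nu1000\nf5\nn127.0.0.1:17100\nf7\nn127.0.0.1:17100->127.0.0.1:50312\n"
    "p4300\nu1000\nf12\nn127.0.0.1:50312->127.0.0.1:17100\n"
    "p5100\nu1001\nf9\nn127.0.0.1:50400->127.0.0.1:17100\n";
```

A missing `lsof` binary, empty output, or an unparseable UID all end in rejection here, so a failure of the lookup never widens access.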

paoloczi commented 2 years ago

To clarify - --exploreAccess user accepts only local connections (127.0.0.1) from the same user. In that mode, remote connections are not accepted, so no check about remote users needs to happen.