Comments (6)
sveseli
commented on August 16, 2024
1
Access security needs to be enabled in the underlying PV Database code (see epics-base/pvDatabaseCPP#58). As soon as this is done, I will add relevant interfaces to PvaServer class (see https://github.com/epics-base/pvaPy/tree/access-security)
from pvapy.
thomasms
commented on August 16, 2024
I know this is currently being worked out with regard to pvDatabase, but I have a further question/comment on this.
Is it possible for information on the requester to be accessed in the callback? For example
import pvapy as pv
def mycb(x, req):
# only permit write access from this machine
if req.ipv4 != "X.X.X.X":
# block write & throw exception
# but how to block write?
raise AccessControlException("You do not have access")
pv1 = pv.PvInt(4)
server = pv.PvaServer('mypv', pv1, mycb)Completely ignoring the concept of the ACF but instead define access control via the callbacks.
Not sure if the callback is the best place to put this, since you cannot prevent the put there, I wondered if there are other potential mechanisms to do such things?
To simplify things let's ignore access control all together and let's imagine we have a PV that is read-only - always - regardless of the client. Then again, I would think the callback could be used here but it is not clear how to stop the write, since the code below still permits the put - any advice on how to handle this scenario?
import pvapy as pv
def mycb(x, req):
raise ReadOnlyException("Write not permitted.")
readonlypv= pv.PvInt(4)
server = pv.PvaServer('readonlypv', readonlypv, mycb)from pvapy.
sveseli
commented on August 16, 2024
In order to make this work without access security, we would need a "before write" record interface in the PV Database code. @mrkraimer, what are your thoughts on this?
from pvapy.
mrkraimer
commented on August 16, 2024
Note that ChannelProviderLocal has methods canWrite and canRead.
Does this help?
from pvapy.
sveseli
commented on August 16, 2024
Aren't those methods available in the ChannelLocal class, not in ChannelProviderLocal? It seems like there would have to be something like "onRead(requester)" and "onWrite(requester)" interfaces available in the PvRecord class (similar to the process() interface).
from pvapy.
sveseli
commented on August 16, 2024
Access security is now available (since release 4.0.0, see https://github.com/epics-base/pvaPy/blob/master/documentation/accessSecurity.md).
from pvapy.
Related Issues (20)
- timestamp not updating with pvput for PVs on PvaServer HOT 2
- Async functionality should propagate the errors/exceptions to the caller HOT 3
- compile for aarch64 HOT 1
- Seg fault with arrays HOT 4
- PvaServer.addRecord not working on Windows 10 HOT 2
- PyPI: pvaPy on Raspberry Pi HOT 11
- Dumping to JSON does not escape strings HOT 4
- Mirror server slow processing large struct arrays
- Error when requesting multiple fields from the same struct HOT 1
- add custom field to NTSCALAR record HOT 1
- Review performance testing HOT 10
- Best method for handling reconnections to large numbers of PVs HOT 7
- Possibility of supporting epicscorelibs for PyPI uploaded wheels HOT 4
- Reading and writing to a single array element of a PVAccess PV HOT 1
- Bug executing`pvget` on unchanged PV in remote server. HOT 15
- Can't install for Python 3.10 on Mac HOT 7
- Unable to install on Macs that use Apple M-series (ARM) chips HOT 5
- pvaPy server listing all fields as 'changed' despite only updating value and timeStamp HOT 4
- Type stubs missing HOT 1
- numpy v2 upgrade causing problems HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pvapy.