Returned proxy points only to loopback interface

MirkoWaechterMirkoWaechter Mirko WaechterOrganization: University of KarlsruheProject: ArmarX Robot FrameworkMember

Hello,

my application has an interface function that returns the properties admin proxy (C++):

Ice::ObjectPrx adminObj = getCommunicator()->getAdmin();
Ice::PropertiesAdminPrx propAdmin = Ice::PropertiesAdminPrx::checkedCast(adminObj, "Properties");
return propAdmin;

proxyToString() on this proxy returns:

proxy: ConditionHandler/admin -f Properties -t -e 1.0:tcp -h 127.0.0.1 -p 40047

The problem is that this proxy only contains the endpoint 127.0.0.1 instead of all interfaces.
Thus, if a someone calls this from another machine this return proxy is unusable for that client.

Why does this proxy only contain the loopback interface as endpoint?

Best Answers

  • bernardbernard Jupiter, FLBernard NormierOrganization: ZeroC, Inc.Project: Ice ZeroC Staff
    edited September 2017 Accepted Answer

    Hello Mirko,

    It's usually a good idea to restrict who can talk to your admin object, see:
    https://doc.zeroc.com/display/Ice37/Security+Considerations+for+Administrative+Facets

    The admin proxy endpoints you're seeing correspond to your setting for the Ice.Admin.Endpoints property, which seems to be:

    # Use an ephemeral port
    Ice.Admin.Endpoints=tcp -h 127.0.0.1
    

    or

    Ice.Admin.Endpoints=tcp -h 127.0.0.1 -p 40047
    

    You want to change the value of this property to make your admin object reachable over the network, for example:

    # listen on all network interfaces, and publish only non-localhost endpoints in proxies
    Ice.Admin.Endpoints=tcp -h * -p 40047
    

    Best regards,
    Bernard

  • MirkoWaechterMirkoWaechter Mirko WaechterOrganization: University of KarlsruheProject: ArmarX Robot Framework
    Accepted Answer

    Thank you, that solves it.

Answers

  • bernardbernard Jupiter, FLBernard NormierOrganization: ZeroC, Inc.Project: IceAdministrators, ZeroC Staff ZeroC Staff
    edited September 2017 Accepted Answer

    Hello Mirko,

    It's usually a good idea to restrict who can talk to your admin object, see:
    https://doc.zeroc.com/display/Ice37/Security+Considerations+for+Administrative+Facets

    The admin proxy endpoints you're seeing correspond to your setting for the Ice.Admin.Endpoints property, which seems to be:

    # Use an ephemeral port
    Ice.Admin.Endpoints=tcp -h 127.0.0.1
    

    or

    Ice.Admin.Endpoints=tcp -h 127.0.0.1 -p 40047
    

    You want to change the value of this property to make your admin object reachable over the network, for example:

    # listen on all network interfaces, and publish only non-localhost endpoints in proxies
    Ice.Admin.Endpoints=tcp -h * -p 40047
    

    Best regards,
    Bernard

  • MirkoWaechterMirkoWaechter Mirko WaechterOrganization: University of KarlsruheProject: ArmarX Robot FrameworkMember
    Accepted Answer

    Thank you, that solves it.

Sign In or Register to comment.