Import secure programming guide for DRb from ruby/ruby #43

Open
wants to merge 1 commit into
base: master
10 changes: 9 additions & 1 deletion README.md
Expand Up @@ -83,6 +83,15 @@ timeserver = DRbObject.new_with_uri(SERVER_URI)
puts timeserver.get_current_time
```

#### Security

As DRb allows remote clients to invoke arbitrary methods, it is not suitable to
expose to untrusted clients.

When using DRb, try to avoid exposing it over the network if possible. If this
isn't possible and you need to expose DRb to the world, you *must* configure an
appropriate security policy with +DRb::ACL+.

## Development

After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
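
Review bot: In the last paragraph of the new Security section, `+DRb::ACL+` is RDoc markup, but this file is README.md and the surrounding text uses Markdown backticks (for example `bin/setup` and `rake test`), so the plus signs will render literally; write the name in backticks instead. Because the text says an ACL *must* be configured when DRb is exposed, the section should also show or link to how one is set up, otherwise the requirement is not actionable from the README alone. Minor wording point in the first paragraph: "it is not suitable to expose to untrusted clients" reads better as "it should not be exposed to untrusted clients".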
Expand All @@ -92,4 +101,3 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
## Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/ruby/drb.