[Tilesathome] Batik, and batik-agent

Jiri Klement jiri.klement at gmail.com
Wed Aug 27 18:36:23 BST 2008


> 1) tilesGen currently has three ways of running Batik: through a
> wrapper, directly running the jar in java and the agent. I'm thinking
> about doing autodetection on which method to use, is there any reason
> why that would be a bad idea somehow?

Batik in wrapper/jar mode and batik in agent mode are independent.
It's possible both methods will work and users might want to decide
which method to use.

> 2) Batik agent seems to do some logging to the STDOUT or ERR of the
> agent server, and some to the file specified with log= on the inet
> socket. I'd really like to avoid creating logfiles at the place in the
> program I want to put this, would it be possible for it to dump that
> output to the network socket instead?

It should be safe to ignore logging to stdout/stderr; all important
stuff should get into the log file. Data are written to the log file
only when rendering fails, so instead of writing a log file I can send
the error description with the agent response back to the client.

> 3) The network socket listens openly to everywhere and doesn't do any
> authentication or anything at all, which means anybody that's able to
> reach a machine running the agent over tcp/ip can make it use loads of
> resources, and even overwrite any files the user running the agent has
> write access to.
>
> At the very least only listen to the local interface, and you really
> need some way to authenticate the user that's connected as well. I
> know it's possible on *nix, and for example postgres uses it for
> authentication, doing something sensible in java that will also work
> on windows is not something I know how to do.

Is it enough to authenticate using osm username/password? It is
probably easy to steal because it's sent as plaintext to the t@h server,
but at least some protection.
Also I can change the agent to send the rendered png over the network,
so at least an attacker won't be able to overwrite any files.

> 4) I had some problems getting the agent to work at all, does it
> require the area= parameter or something? That really should be
> optional unless you don't care about using it for anything other than
> t@h.

I didn't intend to use batik agent in anything else than t@h. But
there is no reason why area and other parameters have to be
mandatory so I will change that.
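
Added example, not part of the original message or of the batik-agent code: a minimal Java listener combining the mitigations discussed under point 3, namely binding to the loopback interface only, checking a credential before doing any work, and returning the PNG over the socket so the client never names an output file. The class name, port, token file and two-line request protocol are assumptions, a per-install shared token stands in for the OSM username/password suggested above, and Batik is assumed to be on the classpath.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import org.apache.batik.transcoder.*;
import org.apache.batik.transcoder.image.PNGTranscoder;

// Hypothetical sketch: class name, port, token file (args[0]) and line protocol are assumptions.
public class LoopbackAgent {
    static final int PORT = 18123, MAX_LINE = 4096; // constructed values
    public static void main(String[] args) throws IOException {
        byte[] token = Files.readString(Path.of(args[0])).trim().getBytes(StandardCharsets.UTF_8);
        if (token.length == 0) throw new IllegalStateException("empty token file");
        // Bind to loopback only, so other hosts cannot reach the port at all.
        try (ServerSocket server = new ServerSocket(PORT, 16, InetAddress.getLoopbackAddress())) {
            while (true) {
                try (Socket client = server.accept()) {
                    client.setSoTimeout(10_000); // a silent client cannot hold the agent
                    handle(client, token);
                } catch (Exception e) {
                    System.err.println("request failed: " + e.getMessage());
                }
            }
        }
    }

    static void handle(Socket client, byte[] token) throws Exception {
        InputStream in = client.getInputStream();
        DataOutputStream out = new DataOutputStream(client.getOutputStream());
        // Line 1 is the token; MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(readLine(in).getBytes(StandardCharsets.UTF_8), token)) {
            out.writeInt(-1); // refuse before any rendering work is done
            return;
        }
        // Line 2 is the path of the SVG to render.
        ByteArrayOutputStream png = new ByteArrayOutputStream();
        new PNGTranscoder().transcode(new TranscoderInput(new File(readLine(in)).toURI().toString()),
                new TranscoderOutput(png));
        out.writeInt(png.size());
        png.writeTo(out); // PNG returned over the socket; no client-named output file
    }

    static String readLine(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        for (int b; (b = in.read()) != -1 && b != '\n'; buf.write(b))
            if (buf.size() >= MAX_LINE) throw new IOException("request line too long");
        return buf.toString(StandardCharsets.UTF_8).trim();
    }
}
```

The loopback bind works the same on Windows and *nix; the token is still needed because other local users can connect to a loopback port.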



