Web Services 的安全问题??
我创建了一个WebServices,这个WebServices是运行svn commandline client 的命令 svn st filepath,返回命令执行的结果。
代码如下:
Public Overridable Function GetSVNStatusAlert(ByVal Password As String, ByVal SVNCommand As String) As SVNStatusResult()
Dim result(0) As SVNStatusResult
result(0) = New SVNStatusResult()
If Not AuthorizeAdmin(password, result(0).ToObject) Then
Return (result)
End If
TraceMessage(Xignite.Shared.Trace.MessageTypes.Service, Me.GetType.FullName, GetCurrentMethod.Name, SVNCommand)
Try
Dim svnPath As String = "C:\Program Files\CollabNet\Subversion Client\svn.exe"
If Not System.IO.File.Exists(svnPath) Then
TraceMessage(Xignite.Shared.Trace.MessageTypes.Service, Me.GetType.FullName, GetCurrentMethod.Name, "Path1 doesn't exist")
svnPath = "C:\Program Files (x86)\CollabNet\Subversion Client\svn.exe"
If Not System.IO.File.Exists(svnPath) Then
TraceMessage(Xignite.Shared.Trace.MessageTypes.Service, Me.GetType.FullName, GetCurrentMethod.Name, "Path2 doesn't exist")
result(0).AddError("svn doesn't find or install in the deafult folder C:\\Program Files\\CollabNet\\Subversion Client or C:\\Program Files (x86)\\CollabNet\\Subversion Client")
Return result
End If
End If
Dim ps As System.Diagnostics.ProcessStartInfo = New System.Diagnostics.ProcessStartInfo(svnPath, SVNCommand)
ps.UseShellExecute = False
ps.CreateNoWindow = True
ps.RedirectStandardOutput = True
Dim p As System.Diagnostics.Process = System.Diagnostics.Process.Start(ps)
Dim strResult As String = String.Empty
strResult = p.StandardOutput.ReadToEnd()
p.WaitForExit()
TraceMessage(Xignite.Shared.Trace.MessageTypes.Service, Me.GetType.FullName, strResult.ToString)
' Definition for svn status: http://www.linxit.de/svnbook/en/1.0/re26.html
'Dim operation As String
'Select Case pair(0)
' Case "A"
' operation = "Addition"
' Case "D"
' operation = "Deletion"
' Case "M"
' operation = "Modified"
' Case "C"
' operation = "Conflict"
' Case "X"
' operation = "External"
' Case "I"
' operation = "Ignored"
' Case "?"
' operation = "Uncontrol"
' Case "!"
' operation = "Missing"
' Case "~"
' operation = "Replace"
'End Select
Dim tokens As String() = strResult.Split(New String() {"A ", "D ", "M ", "C ", "X ", "I ", "? ", "! ", "~ ", "L ", "+ ", "S ", "* "}, StringSplitOptions.RemoveEmptyEntries)
Dim index As Int32 = 0
For i As Int32 = 0 To tokens.Length - 1
Dim token As String = tokens(i).Trim()
If String.IsNullOrEmpty(token) Then
Continue For
End If
Dim pos As Int32 = strResult.IndexOf(token)
Dim operation As String = strResult.Substring(0, pos).Trim()
ReDim Preserve result(index)
result(index) = New SVNStatusResult
With result(index)
.Operation = operation.Trim()
.Path = token
End With
strResult = strResult.Substring(pos + token.Length)
index = index + 1
Next
Catch ex As Exception
GeneralFailure(Me, GetCurrentMethod.Name, ex, result(0).ToObject)
End Try
Return result
End Function
当你把这个web服务部署在Machine1 上面,然后在Machine1上面调用的时候,可以返回结果,但是如果当我从另外一台机器上调用的时候,strResult = p.StandardOutput.ReadToEnd(),这个strResult总是Empty。
WebServices毕竟是跨进程操作的,在跨进程的时候如果在创建一个新的进程来执行不知道会不会有些安全问题,所以是行不通的呢?谁知道能够详细解释一下吗?如果WebServices真的做不了还得另行考虑。
[解决办法]
太难了,哎......帮顶啦
