You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be nice to support per-client-application configurations on the server if desired. This would allow the backend to "lookup" the desired config for each client individually, supporting applications with varied policies.
Comments via email pasted below:
(shreyas) What i meant by multiple configuration is imagine there are 2 client applications connecting to single appsensor server. I would like each to have separate detection points(i.e IE1 for one client has a threshold of 10 seconds whereas the second client has 25 seconds).Is this already present or something that needs to be added?
(jtmelton) Oh ok, I think I understand now. No, that is not in place exactly. You could cheat by giving each its' own detection point name (ie1-client1, ie1-client2), but that would not be helpful when doing data analysis later. Currently, the policy is set across all client applications at once.
We could do something similar to localization in Java, where you have the default configuration, and then can provide a custom version for a given client if you wish. For instance if the client name is "MySpecialApp", you could have a file called "appsensor-server-MySpecialApp.xml that contains overrides for the configuration for that specific client. What do you think? Would that work for your needs or did you have another idea in mind?
(shreyas) That would work perfectly. OK is there code to support this?
(jtmelton) No, there's nothing there right now. You'll essentially want to look at the code here: https://github.com/jtmelton/appsensor/tree/master/configuration-modes/appsensor-configuration-stax/src/main/java/org/owasp/appsensor/configuration/stax/server. There are a couple ways I can think of doing it, but I think the simplest would be to update the ServerConfiguration class so that every get/find method takes a client application name as a parameter. Then, you'll have to update the code everywhere that uses those and supply that information. Then the StaxServerConfiguration object can read in all the configuration files that are available at startup and store them as a map keyed by the client application name. If a getter is called for a client application where a key exists (ie. a custom file exists), then lookup that configuration and use it. Otherwise, you'll lookup the default file (stored in key "DEFAULT" or something). What do you think? If this sounds like something you want to tackle, we can make up a ticket to track the work.
(shreyas) Yes that is something that i can tackle.
The text was updated successfully, but these errors were encountered:
It would be nice to support per-client-application configurations on the server if desired. This would allow the backend to "lookup" the desired config for each client individually, supporting applications with varied policies.
Comments via email pasted below:
(shreyas) What i meant by multiple configuration is imagine there are 2 client applications connecting to single appsensor server. I would like each to have separate detection points(i.e IE1 for one client has a threshold of 10 seconds whereas the second client has 25 seconds).Is this already present or something that needs to be added?
(jtmelton) Oh ok, I think I understand now. No, that is not in place exactly. You could cheat by giving each its' own detection point name (ie1-client1, ie1-client2), but that would not be helpful when doing data analysis later. Currently, the policy is set across all client applications at once.
We could do something similar to localization in Java, where you have the default configuration, and then can provide a custom version for a given client if you wish. For instance if the client name is "MySpecialApp", you could have a file called "appsensor-server-MySpecialApp.xml that contains overrides for the configuration for that specific client. What do you think? Would that work for your needs or did you have another idea in mind?
(shreyas) That would work perfectly. OK is there code to support this?
(jtmelton) No, there's nothing there right now. You'll essentially want to look at the code here: https://github.com/jtmelton/appsensor/tree/master/configuration-modes/appsensor-configuration-stax/src/main/java/org/owasp/appsensor/configuration/stax/server. There are a couple ways I can think of doing it, but I think the simplest would be to update the ServerConfiguration class so that every get/find method takes a client application name as a parameter. Then, you'll have to update the code everywhere that uses those and supply that information. Then the StaxServerConfiguration object can read in all the configuration files that are available at startup and store them as a map keyed by the client application name. If a getter is called for a client application where a key exists (ie. a custom file exists), then lookup that configuration and use it. Otherwise, you'll lookup the default file (stored in key "DEFAULT" or something). What do you think? If this sounds like something you want to tackle, we can make up a ticket to track the work.
(shreyas) Yes that is something that i can tackle.
The text was updated successfully, but these errors were encountered: