[Dxspider-support] protocol woes and webclusters

[Dirk Koopman]

On 07/03/2025 20:34, IZ2LSC via Dxspider-support wrote:
> I see a lot of naivety in your messages. Or maybe you don't understand 
> the true nature of the problem. The various checks of the authenticity 
> of the spots (i.e whitelist), cannot be based on the information 
> contained in it (for example the source node, ip address, and so on), 
> because all this information can be forged at will by the attacker.
>
I'm sorry to say that the webcluster operators complaints about me 
"destroying" their system(s) is not, directly, my problem. My job is to 
try to "secure" and/or "validate" the data passing into a node.


The webserver fronted cluster software that I have used all maintain 
some state, particularly those that provide a real time spot feed via a 
websocket. All they really have to do is make a connection that logs 
into the underlying (DXSpider) node when the websocket is created, then 
set/ve7cc to get a web friendly spot format. When that websocket goes 
away, log that user out or just close the DXSpider connection - which 
works the same.

I have, for some time, been considering added websocket connections to 
DXSpider - but other more pressing stuff keeps getting in the way :-((. 
But I am open to requests about becoming more web friendly and I have 
considered adding a skinable websocket driven web interface to DXSpider 
itself as the underlying Mojolicious framework makes that sort of thing 
easy to do (once I have got my head around the inside out thinking these 
web frameworks tend to have).

IMPORTANT: please don't reply on this reflector about this, it just 
causes more noise. If you have a view, please contact me DIRECTLY with 
any suggestions or brickbats.

73 Dirk G1TLH
g1tlh at dxcluster.org