{{Quickfixn}} QFN Acceptor IP and Port Validation
Aidan Chisholm
aidan.chisholm at iress.co.uk
Mon Mar 7 08:41:03 PST 2016
Just to add some more info on this thread in comparison to QF/c++ (at least version 1.13.3):
QF/c++ 1.13.3 has this functionality (session validation per listening endpoint), provided in ThreadedSocketConnection.cpp in bool ThreadedSocketConnection::setSession(const std::string& msg )
Aidan Chisholm
Mobile: +44 (0) 7760 386 157
Direct: +44 (0) 1285 405 030
aidan.chisholm at iress.co.uk<mailto:aidan.chisholm at iress.co.uk>
From: Aidan Chisholm
Sent: 04 March 2016 12:06
To: quickfixn at lists.quickfixn.com
Cc: V2-Migration <V2Migration at iress.com.au>
Subject: QFN Acceptor IP and Port Validation
Hi - I'm just querying if there's any validation for CompID IP or Ports? Or plans to add in the future?
My testing has shown that even though sessions can be assigned their own unique endpoints through use of SocketAcceptPort and SocketAcceptHost config, this doesn't stop 'cross-contamination'.
Example Acceptor settings:
[SESSION]
BeginString=FIX.4.2
TargetCompID=ABC
SocketAcceptPort=1234
[SESSION]
BeginString=FIX.4.2
TargetCompID=XYZ
SocketAcceptPort=4321
Initially I thought the above config would only allow ABC to logon to port 1234, and XYZ to logon to port 4321.
But testing has showed that the listening endpoints (ThreadedSocketReactor) are agnostic and will accept logon from any CompID whether configured for that endpoint or not.
We're looking at this from a security perspective, to make sure clients cannot pretend to be other clients configured on the same QFn instance.
Thanks
Aidan
'IRESS' is the trading name for IRESS (UK) Limited (registered number 06836280) and certain trading entities within its group, being IRESS Portal Limited (registered number 2596452); IRESS FS Limited (registered number 2958430); IRESS Technology Limited (registered number 07784841); IRESS Solutions Limited (registered number 3896352), IRESS Web Limited (registered number 05501526), IRESS Mortgage Services Limited (registered number 03598058), Proquote Limited (registered number 03851830) and Pulse Software Systems Limited (registered number 08230913); each of which is registered in England and Wales and has its registered office at 1 Kingmaker Court, Warwick Technology Park, Warwick CV34 6DY. Any reference to the Group or 'we' herein means any or all of the above mentioned entities.
Information contained in this email is intended only for the addressee and may contain privileged and/or confidential information. If you have received this message in error please notify the sender immediately and permanently delete the message, and do not use, copy or disclose the information contained in this message or in any attachment. Although we operate anti-virus programs, we do not warrant that this email is virus free and accept no responsibility in the event any viruses are passed on. We may monitor replies to this email for operational or business reasons.
For more information about the Group please visit our web site at www.iress.co.uk <http://www.iress.co.uk/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.quickfixn.com/pipermail/quickfixn-quickfixn.com/attachments/20160307/da14bac4/attachment-0002.htm>
More information about the Quickfixn
mailing list