In some environments, user accesses TD behind the proxy which doesn't support PUT meth

I think there're 2 choices: only table:import and bulk_import:

all subcommands use SSL by default <p dir=

First patch: <div class="highlight highlight-source-diff notranslate position-rela

It worked fine for me, thanks. I don't mind if you don't support <code class="notransl

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Change default access to over SSL? about td HOT 17 CLOSED

repeatedly commented on June 2, 2024

Change default access to over SSL?

from td.

Comments (17)

frsyuki commented on June 2, 2024

I think there're 2 choices:

only table:import and bulk_import:upload_parts (they use PUT method) use SSL by default
all subcommands use SSL by default

1 solves the problem that they can't upload data, and doesn't cause performance problem. But it's insecure when it issues the other requests such as query, table:list, etc.

2 causes performance problem but it's secure.

I think problem is: How is it slow if SSL is enabled? If the performance impact is reasonable trade-off, it should enable SSL by default.

from td.

mattn commented on June 2, 2024

One more candidate

3 Support X-Method-Override

from td.

hotchpotch commented on June 2, 2024

all subcommands use SSL by default

My company want to use td-commands in secure environments.

from td.

frsyuki commented on June 2, 2024

I guess the significant problem is latency of SSL's handshake. It means that I think it can enable SSL for import and bulk_import:upload_parts by default because latency is not important for these two subcommands.
Latency problem impacts on small subcommands such as table:list.

from td.

mattn commented on June 2, 2024

I know that some company still use poor functionally http-proxy that don't support PUT/DELETE and CONNECT also.
Even though you change default transport to SSL, he/she won't be able to use td-import.

from td.

mattn commented on June 2, 2024

There are two types in http-proxies. One of them can use CONNECT method. And another one use GET directly: GET https://...

from td.

repeatedly commented on June 2, 2024

First patch:

diff --git a/lib/td/command/common.rb b/lib/td/command/common.rb
index cd33c82..5603303 100644
--- a/lib/td/command/common.rb
+++ b/lib/td/command/common.rb
@@ -16,6 +16,9 @@ module Command
   end

   def get_client(opts={})
+    unless opts.has_key?(:ssl)
+      opts[:ssl] = Config.secure
+    end
     apikey = Config.apikey
     unless apikey
       raise ConfigError, "Account is not configured."
diff --git a/lib/td/command/runner.rb b/lib/td/command/runner.rb
index a7882a8..fd89bc4 100644
--- a/lib/td/command/runner.rb
+++ b/lib/td/command/runner.rb
@@ -8,9 +8,10 @@ class Runner
     @config_path = nil
     @apikey = nil
     @prog_name = nil
+    @secure = true
   end

-  attr_accessor :apikey, :config_path, :prog_name
+  attr_accessor :apikey, :config_path, :prog_name, :secure

   def run(argv=ARGV)
     require 'td/version'
@@ -67,6 +68,7 @@ EOF

     config_path = @config_path
     apikey = @apikey
+    insecure = nil
     $verbose = false
     #$debug = false

@@ -78,6 +80,10 @@ EOF
       apikey = s
     }

+    op.on('--insecure', "Insecure access: disable SSL") { |b|
+      insecure = true
+    }
+
     op.on('-v', '--verbose', "verbose mode", TrueClass) {|b|
       $verbose = b
     }
@@ -102,6 +108,9 @@ EOF
       if apikey
         TreasureData::Config.apikey = apikey
       end
+      if insecure
+        TreasureData::Config.secure = false
+      end
     rescue
       usage $!.to_s
     end
diff --git a/lib/td/config.rb b/lib/td/config.rb
index de7be0a..cc9bf0f 100644
--- a/lib/td/config.rb
+++ b/lib/td/config.rb
@@ -91,6 +91,7 @@ class Config
   @@path = ENV['TREASURE_DATA_CONFIG_PATH'] || ENV['TD_CONFIG_PATH'] || File.join(ENV['HOME'], '.td', 'td.conf')
   @@apikey = ENV['TREASURE_DATA_API_KEY'] || ENV['TD_API_KEY']
   @@apikey = nil if @@apikey == ""
+  @@secure = true

   def self.path
     @@path
@@ -107,6 +108,14 @@ class Config
   def self.apikey=(apikey)
     @@apikey = apikey
   end
+
+  def self.secure
+    @@secure
+  end
+
+  def self.secure=(secure)
+    @@secure = secure
+  end
 end

@mattn : I see. Could you create other issue?

from td.

mattn commented on June 2, 2024

It worked fine for me, thanks. I don't mind if you don't support X-Method-Override, because I can use td on my environment.

from td.

repeatedly commented on June 2, 2024

@hotchpotch
Could you check the above patch?

from td.

hotchpotch commented on June 2, 2024

cool :)

LG ™️ 👍

from td.

repeatedly commented on June 2, 2024

Many tables account:

RUBYLIB=./../td-client-ruby/lib:./lib td tables
0.66s user 0.13s system 9% cpu 8.298 total

RUBYLIB=./../td-client-ruby/lib:./lib td --insecure
tables 0.26s user 0.10s system 4% cpu 7.300 total

Less tables account:

RUBYLIB=./../td-client-ruby/lib:./lib td tables
0.37s user 0.09s system 12% cpu 3.710 total

RUBYLIB=./../td-client-ruby/lib:./lib td --insecure
tables 0.21s user 0.08s system 14% cpu 1.999 total

SSL may causes 2x slower performance for small subcommands.

from td.

mattn commented on June 2, 2024

Any more discussion?

from td.

repeatedly commented on June 2, 2024

I'm OK.

@frsyuki @kzk @muga : any comments?

from td.

kzk commented on June 2, 2024

@repeatedly please use SSL by default.

My company want to use td-commands in secure environments.

This comments from @hotchpotch tells everything :)

from td.

mattn commented on June 2, 2024

🍣

from td.

kzk commented on June 2, 2024

@mattn btw, thanks for finding proxy problem. much appreciated :)

from td.

repeatedly commented on June 2, 2024

Pushed! bc05b2a

Thanks to everyone!

from td.

Change default access to over SSL? about td HOT 17 CLOSED

Comments (17)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs