[Erlyaws-list] yaws 1.62

Gaspar Chilingarov <>
Sun Jun 11 20:44:49 CEST 2006


Hi, Yariv!

Yariv Sadan wrote:
> Hi,
>
> Is there a way of exposing only specific functions/modules to JSON-RPC
> and making the rest inaccessible (for security)?
>
> Thanks
> Yariv

you are expriclity passing to yaws_(json|xml)rpc:handler(_session) which
Module:Function should be called ;)

*RPC methods are passed as one of the arguments to that function -- i.e.
in payload which have {call, Method, Arguments} form, Method is an atom.

so you can define

handle_rpc(State, {call, add, [ A, B ]}) ->
    {false, {response, [ A + B ]}};
handle_rpc(State, {call, substract, [ A, B ]}) ->
    {false, {response, [ A - B ]}}.

Thus you will explictly allow RPC caller use 2 methods - add and substract.


Regards, Gaspar

x-posted to erlang-questions too.

-- 
Gaspar Chilingarov

System Administrator,
Network security consulting

t +37493 419763 (mob)
i 63174784
e 



More information about the erlang-questions mailing list