Disable default methods

30 views
Skip to first unread message

Eduardo Guardiola

unread,
Oct 28, 2015, 6:45:48 AM10/28/15
to Jayrock
Hi,

It is posibble to disable the default system.about, system.version, system.listMethods ? Recently a security assessment has pointed out this to us.

Thanks.

Atif Aziz

unread,
Oct 28, 2015, 3:22:41 PM10/28/15
to jay...@googlegroups.com
Those methods are probably being inherited via JsonRpcService. You could workaround by not inheriting from JsonRpcService and instead having your own base class in your project defined simply as:

public class JsonRpcService : IService
{
    ServiceClass _class;

    public virtual ServiceClass GetClass()
    {
        return _class 
            ?? (_class = JsonRpcServices.GetClassFromType(GetType()));
    }
}

- Atif 

--
You received this message because you are subscribed to the Google Groups "Jayrock" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jayrock+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Edu

unread,
Oct 29, 2015, 4:44:48 AM10/29/15
to jay...@googlegroups.com
Thanks Atif.

I'm using JsonRpcHandler and i would like to continue using his features. I'm afraid i need to include JayRock sources in my solution and simply comment out those default methods on JsonRpcService. ¿It makes sense for you?

Atif Aziz

unread,
Oct 29, 2015, 8:08:24 AM10/29/15
to Jayrock
Another option in that case would be to simply override those methods in a base class to return null? Like shown here...

class ServiceBase : JsonRpcHandler
{
    public virtual string[] SystemListMethods() { return null; }
    public virtual string SystemAbout() { return null; }
    public virtual string SystemVersion() { return null; }
}

Now you can make all your services inherit from this instead of directly from JsonRpcHandler. This would avoid you having to maintain modified version of Jayrock sources in your solution.

- Atif

Edu

unread,
Oct 29, 2015, 8:25:10 AM10/29/15
to jay...@googlegroups.com
Thank you again. I am ashamed not having realized this alternative. :-/

--
Reply all
Reply to author
Forward
0 new messages