
Re: obviscating python code for distribution

From harrismh777 <harrismh777@charter.net>
Newsgroups comp.lang.python
Subject Re: obviscating python code for distribution
References (2 earlier) <mailman.1614.1305517027.9059.python-list@python.org> <4dd0a1fc$0$29983$c3e8da3$5496439d@news.astraweb.com> <BANLkTin8JUYbSCOvCHvXYt+LYZMn1Th1tA@mail.gmail.com> <mailman.1623.1305524499.9059.python-list@python.org> <4dd0e507$0$29983$c3e8da3$5496439d@news.astraweb.com>
Message-ID <Y4fAp.198$4h1.182@newsfe06.iad> (permalink)
Date 2011-05-16 14:40 -0500



Steven D'Aprano wrote:
> To put it in a
> nutshell, you can't trust *anything*. See the classic paper by Ken
> Thompson, "Reflections on Trusting Trust":
>

This is true, but there's another way to put it pro-active---


... expect the client to be untrustworthy.


In other words, write the server code with a protocol that 'expects' the 
client to be hacked. Yes, it takes three times the code and at least 
five times the work, but it's worth it.

What do you do with syn floods?

What do you do with attempted overruns?

What if someone builds a client emulator, just to hammer your protocol 
and slow the server down, just for fun...?

You must build your server side 'assuming' that *all* of these things 
are going to happen (and more), and then be able to handle them when 
they do. That is what makes server-side coding so difficult.

In other words, you build the server in such a way that you can 
confidently hand Mr junior cracker your client source code and be 
confident that your gaming server is going to be a.o.k.

Many, many coders don't want to go to all this trouble (and don't)... 
mainly because they're just glad if they can get simple sockets to work. 
So, they don't handle attempted overruns, or syn flood open attempts, or 
other.

One thing to remember (think about this) is whether your server/client 
is in a push or pull mode. *Never* allow the client to be in control 
(pushing) while your server is passive (pulling). The server must 
control everything so that the untrusted client will be *controlled* 
regardless of client side hacks.

I realize that this probably means redesign of your server. Do it.

Happy gaming!

m harris
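
Added example, not part of the original post or thread: a sketch of a server-side session that treats every byte from the client as hostile, covering two of the cases the post raises (oversized frames and a client hammering the protocol) plus server-held game state. The wire format (2-byte length prefix, then signed `dx`, `dy` bytes), the names `Session` and `ProtocolError`, and all limits are assumptions made for illustration; SYN floods are not shown.

```python
import struct
import time

MAX_FRAME = 512          # assumed cap on one client message, in bytes
RATE = 5.0               # assumed tokens (messages) refilled per second
BURST = 10               # assumed bucket size
MAX_STEP = 1             # assumed: a player may move one tile per message

class ProtocolError(Exception):
    """Raised when a client breaks the rules; caller drops the connection."""

class Session:
    """Server-side state for one untrusted client (hypothetical game)."""

    def __init__(self, now=None):
        self.buf = b""
        self.pos = (0, 0)                 # authoritative position lives here
        self.tokens = float(BURST)
        self.last = time.monotonic() if now is None else now

    def _take_token(self, now):
        # Token bucket: refill by elapsed time, spend one per message.
        self.tokens = min(BURST, self.tokens + (now - self.last) * RATE)
        self.last = now
        if self.tokens < 1:
            raise ProtocolError("rate limit exceeded")
        self.tokens -= 1

    def feed(self, data, now=None):
        """Accept raw bytes from the socket; return positions applied."""
        now = time.monotonic() if now is None else now
        self.buf += data
        applied = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack("!H", self.buf[:2])
            if length > MAX_FRAME:        # reject on the claimed size alone
                raise ProtocolError("frame too large")
            if len(self.buf) < 2 + length:
                break                     # incomplete frame, wait for more
            frame, self.buf = self.buf[2:2 + length], self.buf[2 + length:]
            self._take_token(now)
            if len(frame) != 2:
                raise ProtocolError("malformed move")
            dx, dy = struct.unpack("!bb", frame)
            if abs(dx) > MAX_STEP or abs(dy) > MAX_STEP:
                raise ProtocolError("illegal move")   # never trust client math
            self.pos = (self.pos[0] + dx, self.pos[1] + dy)
            applied.append(self.pos)
        return applied
```

The client only ever sends a requested delta; the position itself never leaves the server's control, so a modified client cannot simply declare where it is.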


