Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.002 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'subject:Python': 0.06; '(python': 0.07; 'happens.': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'assume': 0.14; "(i'm": 0.16; '>to': 0.16; 'accepts': 0.16; 'accesses': 0.16; 'cookies': 0.16; 'https': 0.16; 'localhost': 0.16; 'message-id:@4ax.com': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'specific,': 0.16; 'ssh': 0.16; 'sat,': 0.16; 'machine': 0.22; 'settings': 0.22; 'aug': 0.22; 'this?': 0.23; 'url:home': 0.24; 'server.': 0.24; '(or': 0.24; 'handling': 0.26; 'header:X -Complaints-To:1': 0.27; 'rest': 0.29; 'workaround': 0.31; 'run': 0.32; 'running': 0.33; 'becomes': 0.33; 'there': 0.35; 'charset :us-ascii': 0.36; 'responsible': 0.36; 'application': 0.37; 'remote': 0.38; 'connections': 0.38; 'to:addr:python-list': 0.38; 'hosted': 0.39; 'to:addr:python.org': 0.39; 'received:org': 0.40; 'users': 0.40; 'how': 0.40; 'wish': 0.70; 'secure': 0.71; 'online': 0.71; 'listening': 0.74; 'reasons,': 0.91; 'received:108': 0.93; '2013': 0.98 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Dennis Lee Bieber Subject: Re: Python 3 and SSH Tunnel Date: Sat, 10 Aug 2013 16:16:31 -0400 Organization: IISS Elusive Unicorn References: <092fdbf5-1db3-4ea5-82ee-4b02cec80dc6@googlegroups.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: adsl-108-68-178-245.dsl.klmzmi.sbcglobal.net X-Newsreader: Forte Agent 6.00/32.1186 X-No-Archive: YES X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 25 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1376165800 news.xs4all.nl 15989 [2001:888:2000:d::a6]:51331 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:52322 On Sat, 10 Aug 2013 03:39:49 -0700 (PDT), "D. Xenakis" declaimed the following: >What about the security though? > >To be specific, i need to create an application (python 3.3 strictly) where users will save/load their settings online to a remote hosted database. I do not wish to change the database from listening to any other thing than localhost for security reasons, so i assume the best solution for me would be to make the program create some ssh tunnels before the saving/loading happens. > >But would this policy make my database (or the rest of the databases that im running on that machine) unsecure? Is there any workaround this? > >How would you do that online saving/loading? You run a "server" on the database machine which accepts the save/load connections from the remote users -- it then accesses the (now) local database for the settings information. How you secure the "server" becomes part of your protocol... HTTPS with a login/password scheme? (I'm presuming the users won't be seeing a web page, so cookies might be a non-starter for the session; instead you'd need the user login/password for all traffic). Your "server" then becomes responsible for handling all validation, and the database is still just localhost to the server. -- Wulfraed Dennis Lee Bieber AF6VN wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/