Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #50670
| Path | csiph.com!usenet.pasdenom.info!gegeweb.org!newsfeed.kamp.net!newsfeed.kamp.net!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <rosuav@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.019 |
| X-Spam-Evidence | '*H*': 0.96; '*S*': 0.00; 'python,': 0.02; 'subject:Python': 0.06; 'json': 0.07; 'welcome.': 0.07; 'security.': 0.09; 'python': 0.11; 'dict': 0.16; 'dictionaries': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'integers,': 0.16; 'subject:object': 0.16; 'subject:security': 0.16; 'prevent': 0.16; 'wrote:': 0.18; 'slightly': 0.19; 'planned': 0.24; 'mon,': 0.24; 'source': 0.25; '15,': 0.26; 'header:In-Reply-To:1': 0.27; 'message-id:@mail.gmail.com': 0.30; "i'm": 0.30; 'code': 0.31; 'lists': 0.32; 'everyone': 0.33; "i'd": 0.34; 'could': 0.34; 'objects': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'data,': 0.36; 'executing': 0.36; "he's": 0.36; 'url:org': 0.36; 'changing': 0.37; 'sometimes': 0.38; 'initially': 0.38; 'to:addr:python-list': 0.38; 'pm,': 0.38; 'structure': 0.39; 'to:addr:python.org': 0.39; 'how': 0.40; 'above,': 0.60; 'simple': 0.61; 'exchange': 0.63; 'provide': 0.64; 'worth': 0.66; 'side': 0.67; 'capable': 0.67; 'jul': 0.74; 'malicious': 0.84; 'safer,': 0.84; 'sending,': 0.84; '2013': 0.98 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Q2Ka6CbI0Rp+6WYdR718KkW5GmVpu9FLP2BLxbho+Aw=; b=Ue4DpWWtmPp4nh8JbqJr6HmV6gtb0pk0CHRq/cyC5zUb5xeketadS/tNivktYadbu7 F89eELfCUyTAurOpYof0E+/FXJH9uSNDCxxLJnJ/UZyz1wBrAw6GgJgAAwyOqZ0HJ4PD lAgkydGUUhmW3usHEZTbGW9o0AEk5yj9pihbGkIx6WKQuM3qrWdebaMImdziZ+wViM2Q xUbgVLGe3pOMNrdPNoj2YCuvIF9pBNdHqm6UUbYQfP0qP8Pf5Lkl+B/H4m9NOvmjqK3O W5DvHaj+oSW/zgGV8ECC4VP3+2O7A2klYDAZpwWnlpAYS2i5IG7zTXAGoaQIKux62k+r sz6w== |
| MIME-Version | 1.0 |
| X-Received | by 10.59.9.69 with SMTP id dq5mr27643959ved.87.1373887121734; Mon, 15 Jul 2013 04:18:41 -0700 (PDT) |
| In-Reply-To | <890384520.8302247.1373883224109.JavaMail.root@sequans.com> |
| References | <59272663.8296927.1373882548643.JavaMail.root@sequans.com> <890384520.8302247.1373883224109.JavaMail.root@sequans.com> |
| Date | Mon, 15 Jul 2013 21:18:41 +1000 |
| Subject | Re: Python - remote object protocols and security |
| From | Chris Angelico <rosuav@gmail.com> |
| To | python-list@python.org |
| Content-Type | text/plain; charset=ISO-8859-1 |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.4714.1373887129.3114.python-list@python.org> (permalink) |
| Lines | 23 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1373887129 news.xs4all.nl 15901 [2001:888:2000:d::a6]:37342 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:50670 |
Show key headers only | View raw
On Mon, Jul 15, 2013 at 8:13 PM, Jean-Michel Pichavant <jeanmichel@sequans.com> wrote: > I'd like to exchange some simple python objects over the internet. > I initially planned to use Pyro, after reading > http://pythonhosted.org/Pyro4/security.html I'm still puzzled. > > I don't mind encrypting data, if someone wants to sniff what I'm sending, > he's welcome. > > What I think I need to care about, is malicious code injections. Because > both client/server will be in python, would someone capable of executing > code by changing one side python source ? > > How do I prevent this and still provide the source to everyone ? How complicated are the objects you want to transmit? If they're just strings, integers, floats, and lists or dictionaries of the above, then you could use JSON instead; that's much safer, but (and because) it's majorly restricted. Sometimes it's worth warping your data structure slightly (eg use a dict and global functions instead of a custom object with methods) to improve security. ChrisA
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Re: Python - remote object protocols and security Chris Angelico <rosuav@gmail.com> - 2013-07-15 21:18 +1000
csiph-web