
Re: Python - remote object protocols and security

Date Mon, 15 Jul 2013 14:41:12 +0200 (CEST)
From Jean-Michel Pichavant <jeanmichel@sequans.com>
To Chris Angelico <rosuav@gmail.com>
In-Reply-To <CAPTjJmqAEUUrUxaFjAh8qGjBbNuhNp9Nz6RKQDbraOm0kCVJDg@mail.gmail.com>
Subject Re: Python - remote object protocols and security
Newsgroups comp.lang.python
Message-ID <mailman.4718.1373892074.3114.python-list@python.org> (permalink)



----- Original Message -----
> > What I think I need to care about is malicious code injections.
> > Because both client/server will be in Python, would someone be capable of
> > executing code by changing one side's Python source?
> >
> > How do I prevent this and still provide the source to everyone?
> 
> How complicated are the objects you want to transmit? If they're just
> strings, integers, floats, and lists or dictionaries of the above,
> then you could use JSON instead; that's much safer, but (and because)
> it's majorly restricted. Sometimes it's worth warping your data
> structure slightly (eg use a dict and global functions instead of a
> custom object with methods) to improve security.
> 
> ChrisA

In the end just strings and ints.
Dave seems to agree with you and JSON is the way to go.

However, I don't want to write net code, I'm lazy and most importantly I'm so bad at it.
So how would I send JSON strings from one machine to a remote one?
If I'm using http://code.google.com/p/jsonrpclib/, would it still be a JSON safe way of sending strings and ints?

JM
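
An added example, not part of the original post and not taken from jsonrpclib: a standard-library sketch of sending JSON between two Python peers so that received bytes are only parsed as data and anything other than strings and ints is rejected. The frame format (4-byte length prefix), the `MAX_FRAME` cap, and all function names are assumptions made for illustration.

```python
import json
import socket
import struct

MAX_FRAME = 64 * 1024  # assumed size cap, checked before reading the body


def check_plain(value, depth=0):
    """Allow only str and int, alone or nested in lists / str-keyed dicts."""
    if depth > 8:
        raise ValueError("nesting too deep")
    if isinstance(value, str) or (isinstance(value, int) and not isinstance(value, bool)):
        return value
    if isinstance(value, list):
        return [check_plain(v, depth + 1) for v in value]
    if isinstance(value, dict) and all(isinstance(k, str) for k in value):
        return {k: check_plain(v, depth + 1) for k, v in value.items()}
    raise ValueError("type not allowed: " + type(value).__name__)


def send_msg(sock, obj):
    """Frame = 4-byte big-endian length + UTF-8 JSON text."""
    body = json.dumps(check_plain(obj)).encode("utf-8")
    if len(body) > MAX_FRAME:
        raise ValueError("message too large")
    sock.sendall(struct.pack("!I", len(body)) + body)


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return buf


def recv_msg(sock):
    """Read one frame; the peer's bytes are only ever parsed as data."""
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    if length > MAX_FRAME:
        raise ValueError("frame too large")
    return check_plain(json.loads(recv_exact(sock, length).decode("utf-8")))


def roundtrip(obj):
    """Demo over a local socket pair (constructed; stands in for two machines)."""
    a, b = socket.socketpair()
    with a, b:
        send_msg(a, obj)
        return recv_msg(b)
```

The receiver applies `check_plain` to whatever arrives, so a peer running modified source can send at most strings and ints within the size cap; what the application then does with those values is still its own responsibility.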
