Path: csiph.com!usenet.pasdenom.info!gegeweb.org!usenet-fr.net!nerim.net!novso.com!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.009
X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'subject:Python': 0.06; '*not*': 0.07; 'json': 0.07; 'users,': 0.07; 'contexts': 0.09; 'release.': 0.09; 'python': 0.11; 'bug': 0.12; '10:45': 0.16; 'bit.': 0.16; 'dictionaries': 0.16; 'fetch': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'json,': 0.16; 'module?': 0.16; 'protecting': 0.16; 'subject:object': 0.16; 'subject:security': 0.16; 'well-known': 0.16; 'wrote:': 0.18; 'restrictions': 0.19; 'meant': 0.20; '>>>': 0.22; 'affects': 0.24; 'instance,': 0.24; 'mind.': 0.24; 'mon,': 0.24; 'environment': 0.24; 'sort': 0.25; '15,': 0.26; 'possibly': 0.26; 'header:In-Reply-To:1': 0.27; 'point': 0.28; 'specifically': 0.29; 'fixed': 0.29; 'chris': 0.29; 'am,': 0.29; 'xml': 0.29; "doesn't": 0.30; 'strongly': 0.30; 'then.': 0.30; 'message- id:@mail.gmail.com': 0.30; 'easier': 0.31; 'pickle': 0.31; 'safely': 0.31; 'objects': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'module.': 0.36; 'next': 0.36; 'starting': 0.37; 'system,': 0.38; 'massive': 0.38; 'to:addr :python-list': 0.38; 'issue': 0.38; 'pm,': 0.38; 'little': 0.38; 'expect': 0.39; 'itself': 0.39; 'structure': 0.39; 'to:addr:python.org': 0.39; 'even': 0.60; 'dave': 0.60; 'numbers': 0.61; 'simply': 0.61; 'talking': 0.65; 'frequently': 0.68; 'secure': 0.71; 'jul': 0.74; 'power': 0.76; 'transfer': 0.82; '08:30': 0.84; 'compact,': 0.84; 'etc,': 0.84; 'presumably': 0.84; 'angel': 0.91; '2013': 0.98
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=ioZYnwxuMQtSFNRn0KetRNs8t0uZBnoD8nd/+ADOvL0=; b=MbOLm5OeHpgkuL4bj6o8zoI6DZTVOgHCdyN4yvkWt4mYu58HTGBqJ6J51zurCyk1Sr L+u7IrkD4zbWsuy2vVBtNO0imB8vLox2RpeZyj5lmoOwSsvjTUwSgx0D8YqMxL/AOF7b SaYXXISvA6hp88dEZ/lIQ33UfBL3WCMfr78PqXqD4arieTGaR//oaL76DNgkRo1+6Z3s 11pXDlIYL4VI9CH4QVWDKq7+vFtryDaFTv+MaHq2BNuH3a5V1SSoKJw+UWXKbFOJQGMx liApZ/wlXXWrK4p3nhl2r+vl6pahqD5ZaQjwXkJaaYp1dqDmOPKl2UVzfAa99js1ERAe fs3g==
MIME-Version: 1.0
X-Received: by 10.52.163.165 with SMTP id yj5mr24049784vdb.104.1373893075786; Mon, 15 Jul 2013 05:57:55 -0700 (PDT)
In-Reply-To: <ks0qto$bgc$1@ger.gmane.org>
References: <ks0loh$hp4$1@ger.gmane.org> <142271145.8401649.1373891187398.JavaMail.root@sequans.com> <CAPTjJmp-XwmAvkkqgqJVbdD8v2kxDfAMuhO0WCXQjk9BqhHz1Q@mail.gmail.com> <ks0qto$bgc$1@ger.gmane.org>
Date: Mon, 15 Jul 2013 22:57:55 +1000
Subject: Re: Python - remote object protocols and security
From: Chris Angelico <rosuav@gmail.com>
To: python-list@python.org
Content-Type: text/plain; charset=ISO-8859-1
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.4723.1373893083.3114.python-list@python.org>
Lines: 35
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1373893083 news.xs4all.nl 16005 [2001:888:2000:d::a6]:49159
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:50681

On Mon, Jul 15, 2013 at 10:45 PM, Dave Angel <davea@davea.name> wrote:
> On 07/15/2013 08:30 AM, Chris Angelico wrote:
>>
>> On Mon, Jul 15, 2013 at 10:26 PM, Jean-Michel Pichavant
>> <jeanmichel@sequans.com> wrote:
>>>
>>> Basically, I need to transfer numbers (int). Possibly dictionaries like
>>> {string: int} in order to structure things a little bit.
>>
>>
>> I strongly recommend JSON, then. It's a well-known system, it's
>> compact, it's secure, and Python comes with a json module.
>>
>
> And presumably has been tested against injection attacks (implied by your
> use of 'secure.')

Talking about the json module? I would expect it has, given that JSON
is frequently used in untrusted contexts (unlike, for instance,
pickle, which is specifically *not* for untrusted data). But even if
it has some sort of exploit, that would be a bug to be fixed in the
library; it would be an issue that affects many other users, and
someone will likely report it and get it fixed in the next point
release.

But what I meant was that the protocol itself is designed with
security restrictions in mind. It's designed not to fetch additional
content from the network (as XML can), nor to retrieve named objects
from the environment (as pickle can), etc, etc. That doesn't mean it's
perfect, but it's a lot easier to make a secure protocol based on JSON
than one based on pickle, simply because starting with the basics and
adding safely is easier than starting with massive power and then
protecting around issues.

ChrisA