Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #50670 > unrolled thread
| Started by | Chris Angelico <rosuav@gmail.com> |
|---|---|
| First post | 2013-07-15 21:18 +1000 |
| Last post | 2013-07-15 21:18 +1000 |
| Articles | 1 — 1 participant |
Back to article view | Back to comp.lang.python
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: Python - remote object protocols and security Chris Angelico <rosuav@gmail.com> - 2013-07-15 21:18 +1000
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2013-07-15 21:18 +1000 |
| Subject | Re: Python - remote object protocols and security |
| Message-ID | <mailman.4714.1373887129.3114.python-list@python.org> |
On Mon, Jul 15, 2013 at 8:13 PM, Jean-Michel Pichavant <jeanmichel@sequans.com> wrote: > I'd like to exchange some simple python objects over the internet. > I initially planned to use Pyro, after reading > http://pythonhosted.org/Pyro4/security.html I'm still puzzled. > > I don't mind encrypting data, if someone wants to sniff what I'm sending, > he's welcome. > > What I think I need to care about, is malicious code injections. Because > both client/server will be in python, would someone capable of executing > code by changing one side python source ? > > How do I prevent this and still provide the source to everyone ? How complicated are the objects you want to transmit? If they're just strings, integers, floats, and lists or dictionaries of the above, then you could use JSON instead; that's much safer, but (and because) it's majorly restricted. Sometimes it's worth warping your data structure slightly (eg use a dict and global functions instead of a custom object with methods) to improve security. ChrisA
Back to top | Article view | comp.lang.python
csiph-web