A Python application server?

Moshe Zadka m at moshez.org
Mon Jun 2 11:00:05 EDT 2003


On Mon, 2 Jun 2003, "Duncan Smith" <buzzard at urubu.freeserve.co.uk> wrote:

> Having looked at PYRO, Twisted and WebWare I'm pretty confident that most of
> the technology is in place.  But I have been told that to emulate the
> existing system there would have to be a Python equivalent of an 'untrusted
> Java applet'.  (I'm not convinced this is actually necessary for the given
> app., but the existing system does use RMI and Java applets.)

You can continue using Java applets, just changing the protocol from RMI
to some language-agnostic standard. Or...

> "Java is the only mainstream technology that adds the required level of
> safety for code travelling around a network, and the flexibility to invent
> our own controls, regardless of the operating system being used."

Flash is probably as good as Java. Both share the same problem: users
dislike them. A browser is a browser, not (as Netscape would have you
believe) a platform for programs.

> As the system is web-based I also want to address the security aspects
> (protecting the server

The server must not trust the client. Ever. For anything.
If what the remote Java application does is stuff like measure time
or stop cheating, then the design is WRONG WRONG WRONG and exploitable.

>, foiling eavesdroppers

That's easy, use SSL.

> protecting the client).

Use real web technology, not Java. Send the browser HTML forms. Keep
time on the server.
-- 
Moshe Zadka -- http://moshez.org/
Buffy: I don't like you hanging out with someone that... short.
Riley: Yeah, a lot of young people nowadays are experimenting with shortness.
Agile Programming Language -- http://www.python.org/
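
Added example, not part of the original message: one way to "keep time on the server" for a timed HTML form. The server records its own clock reading when it issues the form and ignores any timing the client reports. The `TimedForms` class, the `token` and `elapsed` field names and the 60-second limit are assumptions made for illustration.

```python
import secrets
import time

TIME_LIMIT = 60.0  # assumed limit in seconds; not a value from the post


class TimedForms:
    """Tracks when each form was issued, using only the server's clock."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._issued = {}  # token -> server time at which the form was sent

    def issue(self):
        """Return the opaque token to embed in the form as a hidden field."""
        token = secrets.token_urlsafe(32)
        self._issued[token] = self._clock()
        return token

    def submit(self, fields):
        """Judge a posted form. `fields` is untrusted client input."""
        token = fields.get("token")
        # pop() makes the token single-use, so a replayed POST is rejected.
        started = self._issued.pop(token, None) if isinstance(token, str) else None
        if started is None:
            return "rejected: unknown or reused token"
        elapsed = self._clock() - started
        # Any client-reported timing (e.g. fields["elapsed"]) is never read.
        if elapsed > TIME_LIMIT:
            return f"rejected: took {elapsed:.0f}s"
        return f"accepted: took {elapsed:.0f}s"


if __name__ == "__main__":
    # Constructed demo with a fake clock so the run is deterministic.
    now = [1000.0]
    forms = TimedForms(clock=lambda: now[0])
    token = forms.issue()
    now[0] += 90  # the client really took 90 seconds...
    print(forms.submit({"token": token, "elapsed": "5"}))  # ...but claims 5
    print(forms.submit({"token": token}))  # replay of the same token
```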

More information about the Python-list mailing list