xmlrpc, httplib and SSL

Roger Binns rogerb at rogerbinns.com
Sat Mar 27 17:32:37 EST 2004


Brian Quinlan wrote:
> >    - Connections are accepted over SSL
> 
> I don't know how much work it would take to make this happen.

There needs to be an SSL class that can be used for accepting
connections.  At the minimum it needs to be supplied a certificate
(or certificate chain).  The more security conscious would need
to be able to restrict SSL versions and cipher suites.

> >    - Verification of HTTP authentication information
> 
> You don't need a callback to do this, just subclass
> SimpleXMLRPCRequestHandler, override do_POST, and do authentication before
> calling the base implementation.

I did, except the base implementation can't be called.  It has this line of
code in it:

    self.connection.shutdown(1)

i.e. it will close the connection after every response, no matter what.

> >    - Connections are kept open/keep-alive (HTTP/1.1)
> 
> This is a one line patch. Feel free to submit it.

Well, if it is that easy I would have.  In fact, go ahead.  All the existing
code goes out of its way to use a connection for exactly one request/response
and then close it, and the main loops go out of their way to get a new
connection.

> >    - Use of a bounded thread pool that handles the connections
> 
> This is too tied to your implementation requirements. If you want something
> like this then you should add a PooledThreadingTCPServer class to
> SocketServer.py and then trivially subclass that in SimpleXMLRPCServer.py
> as:

It isn't that trivial.  See also previous comment about all the pieces of
code that try to use connections etc at most once.  Additionally, you
may call this an implementation requirement, but at the end of the
day any code that has to be on the open Internet needs to do some form
of bounding to prevent DOS attacks.  (The existing library code can
be trivially made to crash by opening thousands of connections and
not sending anything).

Just to reiterate.  It looks simple.  It looks like a few tweaks here
and there should result in the library working better.  However it
isn't like that as anyone who tries it will find out.  I already have 
a solution for my project (which also has to work under Python 2.2).

Roger
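
The four requirements discussed in this thread, as an added example that is not part of the original post and is not Roger's solution: a sketch using the current Python 3 standard library (xmlrpc.server, ssl) rather than the 2004 modules. The names tls_context, AuthHandler and BoundedXMLRPCServer, the sample credentials, the 8-worker and 5-second limits, and the TLS 1.2 / cipher policy are all assumptions chosen for illustration.

```python
import base64, hmac, ssl, threading
from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler

CREDENTIALS = b"demo:constructed-secret"  # constructed sample login (assumption)

def tls_context(certfile, keyfile=None):  # restrict versions and cipher suites
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # assumed policy floor
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # assumed cipher policy
    ctx.load_cert_chain(certfile, keyfile)          # certificate or chain is required
    return ctx

class AuthHandler(SimpleXMLRPCRequestHandler):
    protocol_version = "HTTP/1.1"  # keep-alive: several requests per connection
    timeout = 5                    # seconds a silent client may occupy a worker

    def do_POST(self):
        expected = b"Basic " + base64.b64encode(CREDENTIALS)
        supplied = self.headers.get("Authorization", "").encode("latin-1", "replace")
        if hmac.compare_digest(supplied, expected):
            return super().do_POST()  # authenticated: run the base implementation
        length = self.headers.get("Content-Length", "0")  # drain a bounded body first
        self.rfile.read(int(length) if length.isdecimal() and len(length) < 6 else 0)
        self.send_response(401)  # then reject and drop the connection
        self.send_header("WWW-Authenticate", 'Basic realm="xmlrpc"')
        self.send_header("Content-Length", "0")
        self.send_header("Connection", "close")
        self.end_headers()

class BoundedXMLRPCServer(SimpleXMLRPCServer):
    def __init__(self, addr, max_workers=8, tls=None):
        super().__init__(addr, requestHandler=AuthHandler, logRequests=False)
        self._slots = threading.BoundedSemaphore(max_workers)
        self._tls = tls

    def process_request(self, request, addr):
        self._slots.acquire()  # accept loop waits here once every worker is busy
        threading.Thread(target=self._work, args=(request, addr), daemon=True).start()

    def _work(self, request, addr):
        try:
            request.settimeout(AuthHandler.timeout)  # also bounds the TLS handshake
            if self._tls is not None:
                request = self._tls.wrap_socket(request, server_side=True)
            self.finish_request(request, addr)
        except Exception:
            self.handle_error(request, addr)
        finally:
            self.shutdown_request(request)
            self._slots.release()
```

Passing tls=tls_context(path_to_pem) serves the same handler over TLS; the handshake runs in the worker thread, so a stalled handshake costs one bounded slot rather than the accept loop.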



