is there a safe marshaler?
Paul Rubin
http
Mon Feb 14 20:10:17 EST 2005
Irmen de Jong <irmen.NOSPAM at xs4all.nl> writes:
> I know a bit about this stuff, but not nearly enough to come
> up with a water tight design by myself, so it's much easier
> and safer to rely on trusted work by others.
Yeah, at this point I think it's safest to just use SSL. If I use
Pyro for anything I'll probably do it that way.
> DCOM: as it is based on DCE/RPC, I would say: no. There's this MIDL
> thing sitting in between and stuff like that. There's no such thing
> as a specific class id and/or method name and/or parameter list that
> directly maps onto an object.method in the programming environment.
Hmm, ok, maybe we need something like that for Python, perhaps as a
Pyro extension.
> Precisely. There is this tunneling thing, but I never got it to work.
> In the end, using a SSH tunnel may prove to be even easier :-D
> (just let sshd listen on port 80 and you're set)
I think if you want to get serious about authentication, SSL has more
of a developed infrastructure. Frankly I've never understood why ssh
caught on instead of telnet over SSL. See stunnel.org for a simple
SSL tunnel.
More information about the Python-list
mailing list