is there a safe marshaler?

[Paul Rubin]

Irmen de Jong <irmen.NOSPAM at xs4all.nl> writes:
> I know a bit about this stuff, but not nearly enough to come
> up with a water tight design by myself, so it's much easier
> and safer to rely on trusted work by others.

Yeah, at this point I think it's safest to just use SSL.  If I use
Pyro for anything I'll probably do it that way.

> DCOM: as it is based on DCE/RPC, I would say: no. There's this MIDL
> thing sitting in between and stuff like that. There's no such thing
> as a specific class id and/or method name and/or parameter list that
> directly maps onto an object.method in the programming environment.

Hmm, ok, maybe we need something like that for Python, perhaps as a
Pyro extension.

> Precisely. There is this tunneling thing, but I never got it to work.
> In the end, using a SSH tunnel may prove to be even easier :-D
> (just let sshd listen on port 80 and you're set)

I think if you want to get serious about authentication, SSL has more
of a developed infrastructure.  Frankly I've never understood why ssh
caught on instead of telnet over SSL.  See stunnel.org for a simple
SSL tunnel.