is there a safe marshaler?
Paul Rubin
http
Mon Feb 14 17:55:16 EST 2005
Irmen de Jong <irmen.NOSPAM at xs4all.nl> writes:
> > What do you do about the security issue if you're using pickle? Do
> > you have to trust the other end to not send you malicious pickles?
>
> I do nothing about it.
> Yes, you have to trust the other end.
> So you have to use your own -or Pyro's- authentication/authorization
> logic to make sure that the other end can be trusted.
> You could use SSL with certificates for instance.
Well, ok, if you trust then other end then I think it's enough to just
authenticate all the pickles (say using hmac.py) without needing
something as heavyweight as SSL. If you use SSL you need something
like m2crypto since the SSL option in the socket module doesn't check
certificates, IIRC.
> In fact, this is the reason why I started this thread.
> I wanted to discover some possibilities to replace pickle
> by another thing, so that Pyro becomes 'safe' at the wire
> protocol level.
> But further discussion on the Pyro mailing list sort of
> made it clear that this is not desirable.
Why do you say it's not desirable? Don't competing protocols like RMI
try to stay safe from malicious peers? Why should I not want to
expose a Pyro service to the internet? It's a natural thing to want
to do.
More information about the Python-list
mailing list