Python - remote object protocols and security
Dave Angel
davea at davea.name
Mon Jul 15 08:45:48 EDT 2013
On 07/15/2013 08:30 AM, Chris Angelico wrote:
> On Mon, Jul 15, 2013 at 10:26 PM, Jean-Michel Pichavant
> <jeanmichel at sequans.com> wrote:
>> Basically, I need to transfer numbers (int). Possibly dictionaries like {string: int} in order to structure things a little bit.
>
> I strongly recommend JSON, then. It's a well-known system, it's
> compact, it's secure, and Python comes with a json module.
>
And presumably has been tested against injection attacks (implied by
your use of 'secure.')

JM: That's the flip side. If you CAN find some open-source that
exactly meets your needs, it presumably has had lots of eyes on it to
spot the little bugs that are likely to pop up in any new implementation.

There's a vast grey area between

1) so simple it's safer to do it myself
and
2) so complex the open-source version must have bugs, so I'd better do
it myself.

In between, you use the open-source code or library.

But this is why I always start by trying to narrow the choice of what
you *need*.

...the only secure system is one physically contained in a room with a
padlock, and with a guard. And only if the guard is yourself...
--
DaveA
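
Added example, not part of the thread's messages: one way to receive the payload described above (a bare int, or a {string: int} dictionary) over JSON while refusing everything else the json module would otherwise accept. The names decode_message and BadMessage and the two size limits are assumptions made for illustration.

```python
import json

MAX_BYTES = 64 * 1024   # assumed cap on one received message
MAX_KEYS = 1024         # assumed cap on dictionary size

class BadMessage(ValueError):
    """Raised when a received message is not an int or a {str: int} dict."""

def _is_int(value):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool)

def _reject_constant(name):
    # json.loads accepts NaN, Infinity and -Infinity by default; refuse them
    raise BadMessage(f"non-standard constant {name!r}")

def _pairs_to_dict(pairs):
    # Called for every JSON object, so a duplicate key is caught here
    # instead of the later value silently replacing the earlier one
    result = {}
    for key, value in pairs:
        if key in result:
            raise BadMessage(f"duplicate key {key!r}")
        result[key] = value
    return result

def decode_message(raw: bytes):
    """Decode bytes from the peer; return an int or a {str: int} dict."""
    if len(raw) > MAX_BYTES:
        raise BadMessage("message too large")
    try:
        obj = json.loads(raw.decode("utf-8"),
                         parse_constant=_reject_constant,
                         object_pairs_hook=_pairs_to_dict)
    except BadMessage:
        raise
    except (ValueError, RecursionError) as exc:
        # bad UTF-8, malformed JSON, oversized number, or nesting too deep
        raise BadMessage(f"not valid JSON: {exc}") from exc
    if _is_int(obj):
        return obj
    if (isinstance(obj, dict) and len(obj) <= MAX_KEYS
            and all(_is_int(v) for v in obj.values())):
        return obj
    raise BadMessage("expected int or {string: int}")
```

The parser only ever builds plain Python values; the checks after it narrow those values to the two shapes the application asked for, so floats, booleans, lists and nested objects never reach the calling code.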