[Twisted-Python] Forwarded questions about PB
glyph at twistedmatrix.com
Tue Oct 16 17:39:26 EDT 2001
On Tuesday, October 16, 2001, at 04:45 AM, Itamar Shtull-Trauring wrote:
> BTW, I read that you want to use RPC over unix domain sockets
> - the Twisted project has a generic secure remote object
> publishing system called PB. It runs over sockets, SSL, unix
> domain sockets, etc. The main idea was to help people
> implement programs without having to design a protocol from
> scratch each time. The Twisted framework is in general a
> wonderful platform for server development:
> http://www.twistedmatrix.com. And that way maybe someday it
> can work with other stuff as well (e.g. Java).
> I'll take a look at it but I don't think it's the right thing for the
> crypto library, at least without some kind of user authentication that
> I currently haven't implemented. Even with authentication I'd be
> uncomfortable exposing the server directly to an IP network. My idea
> is to connect the server to the application host over a point to point
> connection like a serial port.
If the serial port can be represented as a byte stream (even better, as
a file descriptor), then PB could easily be hooked up to it.
> Does PB have some advantage over running a standard non-encrypted RPC
> protocol over SSL?
Well, depends what you mean by "standard":
CORBA: You can evolve PB interfaces without rebuilding/restarting both
sides of the application each time.
XML-RPC: You have a lot more expressiveness, and it consumes a lot less
SOAP: Not as complex, not as expensive. Object-to-object communication
model instead of application-to-application.
Sun RPC: Um... are you serious?
RMI: It runs in more languages than just Java. It's implemented in a
If there were a good, standard, multi-language non-encrypted RPC
protocol that could run over a serial port, then I suppose this question
would be easier to answer, but I don't know what sort of protocol you're
> And philosophically I think you'd like it. For example, the
> way it implements home directories for users in a web
> server. Each user runs their own webserver, and then the main
> one that listens on port 80 forwards requests to ~itamar/ to my
> personal web server (using PB). So each user has their CGIs,
> server scripts and so on, run using their own permissions and
> Why not just use an apache proxy server on port 80, proxying requests
> to user servers?
Some information is lost that way; for example, what host the request
originated from, and what the original URL was. Also, apache tends to
like to run lots of processes, which if every user is running can be
rather resource-consumptive (not to mention that it likes to run as
Also, apache proxying for user servers is hardly the default ;-).
mod_rewrite would probably be able to handle such a thing in the right
configuration, but with Twisted it works out-of-the-box.
> And I'm a developer on it (though I wasn't at all involved with these
> parts of the code), so I'm sure my bias shows :)
> I did look at twistedmatrix a few days ago and it looked kind of
> interesting. I didn't notice any of the security/crypto stuff at the
We don't have any really radical security ideas -- the hope is that SSL
will provide "good enough" crypto for any protocol that we design, and
PB's security model is directly modeled after capability security
There is an integrated authentication and security model in PB and
______ you are in a maze of twisted little applications, all
| |_\ remarkably consistent.
| | -- glyph lefkowitz, glyph @ twisted matrix . com