[Twisted-Python] pb.Copyable, round trip objects, and untrusted clients
Christopher Armstrong
radix at twistedmatrix.com
Thu May 20 13:07:06 EDT 2004
David Ripton wrote:
> On 2004.05.20 01:33:09 +0000, Christopher Armstrong wrote:
>
>>It sounds like the client ought to just pass a string (e.g., the name of
>>the game) or something representing the game it wants to play. IOW,
>>whether it's a string or not, something that isn't possible to be munged
>>in a way that would "mess up" the server in the first place.
>
>
> Yes, that's the way I solved the problem last time. Stringify everything
> on one side. Parse the strings on the other side.
>
> If your goal is to have separate client and server programs rather than
> a single distributed system, this is the way to do it. If security is
> your #1 goal, this is the way to do it.
>
> If your goal is a minimal and easily maintained system, this is not the
> way to do it. Not if you have a lot of complex state to track, anyway.
> Remote references let you share the same representation on both sides,
> avoiding most of the sync issues. (Or at least delegating them to the
> framework, where they can be handled consistently.)

Well, your example didn't look like it had much use for using
particularly complex state going both ways. Maybe you can explain this
game-choosing process in a bit more detail? Without knowing any more,
letting the user choose which game he wants to play sounds like it
shouldn't be more complex than the server giving the client a list of
strings of game-names (like "Bob's l33t Server") and the client sending
back "Bob's l33t Server" in a request later on.

IOW, the poster who said that your second and third points are basically
the same is correct; the API you're designing needs to be looked at
specifically to see the optimal secure/easy solution.

--
Twisted | Christopher Armstrong: International Man of Twistery
Radix | Release Manager, Twisted Project
---------+ http://radix.twistedmatrix.com/
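
The name-only exchange suggested in this message, next to the round-trip pattern it replaces, as an added example that is not part of the original post or of Twisted. It is plain Python with no Twisted import; the `remote_*` method names follow PB's naming convention, and `GameServer`, `Game`, `MAX_NAME_LEN` and the sample values are hypothetical.

```python
# Added example: GameServer, Game and all values here are constructed.
from dataclasses import dataclass, field

MAX_NAME_LEN = 64  # assumed limit, not taken from the thread


@dataclass
class Game:
    name: str
    max_players: int
    players: list = field(default_factory=list)


class GameServer:
    def __init__(self, games):
        # Authoritative state lives only on the server, keyed by name.
        self._games = {g.name: g for g in games}

    def remote_listGames(self):
        # The client receives names only, never the Game objects.
        return sorted(self._games)

    def remote_joinGame_roundtrip(self, player, game_state):
        # Round-trip pattern: the server rebuilds state from what the client
        # sent back, so any field the client changed becomes server state.
        game = Game(**game_state)
        game.players.append(player)
        self._games[game.name] = game
        return len(game.players)

    def remote_joinGame(self, player, game_name):
        # Name-only pattern: the request carries a string that is checked
        # and then used purely as a key into server-owned state.
        # `player` is assumed to come from the authenticated session.
        if not isinstance(game_name, str) or len(game_name) > MAX_NAME_LEN:
            raise ValueError("game name must be a short string")
        game = self._games.get(game_name)
        if game is None:
            raise LookupError("no such game")
        if len(game.players) >= game.max_players:
            raise RuntimeError("game is full")
        game.players.append(player)
        return len(game.players)
```
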