[Twisted-Python] pb.Copyable, round trip objects, and untrusted clients

Christopher Armstrong radix at twistedmatrix.com
Thu May 20 13:07:06 EDT 2004

David Ripton wrote:
> On 2004.05.20 01:33:09 +0000, Christopher Armstrong wrote:
>>It sounds like the client ought to just pass a string (e.g., the name of 
>>the game) or something representing the game it wants to play. IOW, 
>>whether it's a string or not, something that isn't possible to be munged 
>>in a way that would "mess up" the server in the first place.
> Yes, that's the way I solved the problem last time.  Stringify everything 
> on one side.  Parse the strings on the other side.
> If your goal is to have separate client and server programs rather than
> a single distributed system, this is the way to do it.  If security is
> your #1 goal, this is the way to do it.
> If your goal is a minimal and easily maintained system, this is not the 
> way to do it.  Not if you have a lot of complex state to track, anyway.
> Remote references let you share the same representation on both sides,
> avoiding most of the sync issues.  (Or at least delegating them to the
> framework, where they can be handled consistently.)

Well, your example didn't look like it had much use for using 
particularly complex state going both ways. Maybe you can explain this 
game-choosing process in a bit more detail? Without knowing any more, 
letting the user choose which game he wants to play sounds like it 
shouldn't be more complex than the server giving the client a list of 
strings of game-names (like "Bob's l33t Server") and the client sending 
back "Bob's l33t Server" in a request later on.

IOW, the poster who said that your second and third points are basically 
the same is correct; the API you're designing needs to be looked at 
specifically to see the optimal secure/easy solution.

  Twisted | Christopher Armstrong: International Man of Twistery
   Radix  |          Release Manager,  Twisted Project
---------+           http://radix.twistedmatrix.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://twistedmatrix.com/pipermail/twisted-python/attachments/20040520/cf51c453/attachment.pgp 

More information about the Twisted-Python mailing list