[Twisted-Python] Forwarded questions about PB

Chris Armstrong carmstro at twistedmatrix.com
Tue Oct 16 14:03:55 EDT 2001


On Tue, Oct 16, 2001 at 11:45:34AM +0200, Itamar Shtull-Trauring wrote:
> -------- Original Message --------
> To: lists at itamarst.org
> Subject: Re: hi all, new crypto library
> 
> 	BTW, I read that you want to use RPC over unix domain sockets
> 	- the Twisted project has a generic secure remote object
> 	publishing system called PB. It runs over sockets, SSL, unix
> 	domain sockets, etc.. The main idea was to help people
> 	implement programs without having to design a protocol from
> 	scratch each time. The Twisted framework is in general a
> 	wonderful platform for server development:
> 	http://www.twistedmatrix.com. And that way maybe someday it
> 	can work with other stuff as well (e.g. Java).
> 
> I'll take a look at it but I don't think it's the right thing for the
> crypto library, at least without some kind of user authentication that
> I currently haven't implemented.  Even with authentication I'd be
> uncomfortable exposing the server directly to an IP network.  My idea
> is to connect the server to the application host over a point to point
> connection like a serial port.

Why do you have to expose the server to an IP network? Like Itamar said, you
can use regular sockets, SSL, *or* unix domain sockets. And serial ports can
speak TCP/IP with SLIP. I'm not sure how hard it would be to do a native
serial port interface in Twisted..

> Does PB have some advantage over running a standard non-encrypted RPC
> protocol over SSL?

Yes, it's really cool RPC. :-)

> 	And philosophically I think you'd like it. For example, the
> 	way it implements home directories for users in a web
> 	server. Each user runs their own webserver, and then the main
> 	one that listens on port 80 forwards requests to ~itamar/ to my
> 	personal web server (using PB). So each user has their CGIs,
> 	server scripts and so on, run using their own permissions and
> 	limits.
> 
> Why not just use an apache proxy server on port 80, proxying requests
> to user servers?

1) We want to use twisted.web
2) We want to use PB
3) Python is more secure than C :-)

> 	And I'm a developer on it (though I wasn't at all involved with these
> 	parts of the code), so I'm sure my bias shows :)
> 
> I did look at twistedmatrix a few days ago and it looked kind of
> interesting.  I didn't notice any of the security/crypto stuff at the
> time.

Well, admittedly all we have for security/crypto is SSL. (Right?)

Anyway, I know these answers aren't the best, someone else will give good
ones :)




