[Twisted-Python] Potential PB Security Problem (And Solution)

Kevin Turner acapnotic at twistedmatrix.com
Fri Feb 15 21:11:50 EST 2002


On Fri, 2002-02-15 at 15:44, Glyph Lefkowitz wrote:
> My proposed solution is to change the way remote methods are invoked:
> instead of emulating regular Python methods, they would be accessed
> through a 'callRemote' method

It's not "slightly more typing", it's a massive blow to the elegance and
transparency of spreadable object code.  I guess you're saying that the
transparency has become a liability, as you can't necessarily tell if
you're invoking a local or remote object (...but I thought that was the
point?).  I'm also a little surprised because this is the first time I've
seen you vouch for any sort of "safety" mechanism to protect the
programmer from doing wayward things with eir data.

It also sounds like this use case is inherently insecure.  You're
passing privileged information to
some-object-passed-to-you-from-who-knows-what.  I'm not sure there's
really anything you can do about that.

-- 
The moon is waxing crescent, 10.3% illuminated, 3.1 days old.
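
The trade-off debated above, as an added example that is not part of the original message and not Twisted's own code: a caller written for a local object hands privileged data to whatever it is given. The classes, the `audit` function and the secret are hypothetical toy stand-ins, and the scenario is an assumption, since this message does not spell out the original problem.

```python
# Added illustration: toy stand-ins, not Twisted's Perspective Broker classes.

class TransparentRef:
    """Hypothetical remote reference that emulates regular Python methods."""
    def __init__(self, wire):
        self._wire = wire  # list standing in for the network connection

    def __getattr__(self, name):
        # Any unknown attribute becomes a remote invocation.
        return lambda *args: self._wire.append((name, args))


class ExplicitRef:
    """Hypothetical remote reference reachable only through callRemote."""
    def __init__(self, wire):
        self._wire = wire

    def callRemote(self, name, *args):
        self._wire.append((name, args))


class LocalLogger:
    """Ordinary in-process object the caller expects to receive."""
    def __init__(self):
        self.lines = []

    def record(self, text):
        self.lines.append(text)


def audit(logger, secret):
    """Written with a local logger in mind; hands it privileged data."""
    logger.record(secret)


def demo():
    """Return (sent via transparent ref, sent via explicit ref, blocked?)."""
    wire_a, wire_b, local = [], [], LocalLogger()
    audit(local, "constructed-secret")                   # stays in process
    audit(TransparentRef(wire_a), "constructed-secret")  # leaves the process
    try:
        audit(ExplicitRef(wire_b), "constructed-secret")
        blocked = False
    except AttributeError:  # no emulated method: the caller must opt in
        blocked = True
    return wire_a, wire_b, blocked
```

A caller that deliberately invokes `callRemote` with the secret still sends it, which is the "inherently insecure" case raised in the reply.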