[Twisted-Python] Potential PB Security Problem (And Solution)

Glyph Lefkowitz glyph at twistedmatrix.com
Sat Feb 16 14:53:30 EST 2002 

On Sat, 2002-02-16 at 13:26, Kevin Turner wrote:
> On Sat, 2002-02-16 at 03:42, Glyph Lefkowitz wrote:
> > If you haven't read much PB code, the problem I'm describing might seem
> > a trivial concern, but I've found at least two instances of this problem
> > "in the wild".
> 
> Is there a way to fix this?  My lack of education, that is.  There's
> more code within the Twisted repository left more me to read, but IIRC
> there are actually very few PB interfaces defined there.  (We have Words
> and Manhole and...?)

Distributed twisted.web, but you're right, that's about it.

> More pertinant here would be other applications
> (from the "wilds") which employ Twisted technology.  Are there any such
> 0775 codebases I should be aware of?  The accusation has been made that
> no one actually *uses* Twisted for anything (not to name names, but he's
> Canadian and works in Japan), but assuming that's not the case, maybe we
> could beef up the "sites using Twisted" list a little.

It is indeed unfortunate that much Twisted-using code is closed.  Not my
decision, I assure you ;).

I believe Itamar is using PB, so you could ask to look at his code -- I
know that Sean was planning on releasing a small demo at some point. 
However, this is a circular problem.  Much of this past week for me has
been spent working on a new website for tm.com and trying to come up
with introductory documentation for PB.  It needs to be documented,
standardized, and released as 1.0 before we can really expect droves of
people to come flocking to it.

Does anyone else on this list have some code to reference?  The other
folks I know of using Twisted are mostly using the other components at
this point.

> > Who would want to replace me with another evil robot?
> 
> "Do not trust the Shover-robot, he is malfunctioning,"

"Do not trust the Pusher-robot, he is doing a little too much of his own
stuff."

-- 
"Cannot stand to be one of many -- I'm not what they are."
        -Guster, "Rocketship"
                glyph lefkowitz; ninjaneer, freelance demiurge
    glyph @ [ninjaneering|twistedmatrix].com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://twistedmatrix.com/pipermail/twisted-python/attachments/20020216/12a34c8a/attachment.pgp

More information about the Twisted-Python mailing list