[Twisted-Python] Potential PB Security Problem (And Solution)

Donovan Baarda abo at minkirri.apana.org.au
Sat Feb 16 05:39:05 MST 2002 

On Sat, Feb 16, 2002 at 05:42:48AM -0600, Glyph Lefkowitz wrote:
> On Fri, 2002-02-15 at 22:04, Kevin Turner wrote:
> > On Fri, 2002-02-15 at 19:12, Christopher Armstrong wrote:
[...]
> > What do you mean, "wasn't meant to pass privledged information"?  Your
> > example has you appending the "secure data" to a list that's from who
> > knows where!  You have no idea who holds a reference to that list, or
> > who will hold references to the list (or certain items on the list) in
> > the near future.  And, as a happy little object, I don't see why you
> > should care.  You perform your operation with the given parameters, and
> > that's all your job is, isn't it?
> 
> There are two kinds of "who" here.  One "who" is to know the objects
> that will have knowledge of your object.  That's encapsulation, which is
> all well and good, but we break it sometimes, for various reasons;
> python's nifty because it lets us do that when necessary.  The other
> "who" is more important, though: it's the actual *people* that will have
> access to the information that you're sending through that method call.

coming completely out of the blue with no experience or understanding to
give me enough qualifications to even comment (but doing it anyway :-).

Just a thought; why is a local object any more trustworthy than a remote
one? To me the local vs remote trust boundary seem to be a bit arbitary. It
is better to think about the trust relationship between the objects than
where they are located. Why and how do the objects trust each other?

Perhaps this _can_ be reduced to "Because it's local and hence I or some
other local object I trust created it". However, I think once you start
going down the path of secure transactions between objects, it's better to
try and provide a generalised solution. There are various ways that
authenticated and secured communications between objects can be implemented,
and perhaps even made "translucent".


-- 
----------------------------------------------------------------------
ABO: finger abo at minkirri.apana.org.au for more info, including pgp key
----------------------------------------------------------------------

More information about the Twisted-Python mailing list