[Twisted-Python] Random Thinking

Omar Kilani ok at mailcall.com.au
Wed Jul 16 08:00:18 EDT 2003


On 16 Jul 2003, Moshe Zadka wrote:

> On 16 Jul 2003, Omar Kilani <ok at mailcall.com.au> wrote:
> 
> > The Perspective Broker documentation states that it's "secure". 
> 
> That means that malicious clients can't [hopefully] compromise servers,
> and malicious servers can't compromise clients. That has nothing
> to do with SSL. In fact, one day I intend to write a long rant
> about why cryptography has little to do with security.

I understand that SSL doesn't make something secure. I just meant does it
encrypt the data in some way? Etc. I actually just wanted a method of
determining that the machine is who it says it is. And SSL solves that
problem nicely (or some form of PKI.)

> 
> > How is it secure? Does it run over SSL? Can it? 
> 
> It can run over SSL, yes. listenSSL and getObjectAtSSL work
> well enough for that.
> 

Ah. My fault, I didn't see getObjectAtSSL. Sorry.

> > Am I able to reject connections with untrusted SSL certificates? 
> 
> You'd need to work a little bit for that. I estimate an overhead
> of about 10 lines compared to what you had to do if we actually
> engineered it correctly :(
> [Summary: inherit from pb.Broker to do that check in connectionMade,
> inherit from pb.BrokerFactory to build your inherited Broker rather
> than pb.Broker]
> 

OK. Thanks.

> > Am I able to trust certificates programmatically? I want give the client
> > a list of servers that are untrusted, and when the user clicks 'Trust',
> > the connection is then permitted.
> 
> This is probably an issue of pyOpenSSL, because that's the underlying
> layer for what Twisted uses. You will also probably want to save it
> somewhere: Twisted is somewhat  on this issue. You will need to decide
> where to save. Of course, files work :)
> 
> > Is it possible to multicast from server --> n*client? 
> 
> Not with PB. PB is TCP based, multicast is UDP based. Twisted does
> support UDP, but you'll have to build your own layer on top of it.
> Of course, you can still use jelly, which is the secure marshaller used
> internally by PB. Of course, UDP is inherently insecure in that
> malicious meddlers can do whatever they want to it [listen in, capture
> packets, etc.] You can, of course, encrypt/sign the jellied packets
> you multicast using packages like pycrypto.
>

OK. I don't really mean "multicast". I mean somehow call the same methods
with the same data on a bunch of different "clients" (OK, how do I
describe the non-servers? :-)

Can I do this efficiently? Is there a need to even worry about it?
Should I just:

for connect in connects:
	connect.callRemote(...)
 
> > Can I call methods on the client from the server? (so that the server
> > can push information to the client asynchronously.)
> 
> Yes.
> You should probably convince yourself to stop saying the word "server"
> or "client". There's little difference between them, except the server
> gives the client an initial object reference.
>

I'll try. I don't know how else to describe them. :-)
What I really meant was: can I callRemote from the initial object
reference provider to the ... "client"?
 
> > How's the stability of the GTK2 compatible Perspective Broker code in
> > Twisted?
> 
> There's no relationship between GTK2 and PB. GTK2 looks to Twisted like
> a reactor -- basically, something very low-level, pushing the bits.
> Perspective Broker is all protocol-level code, which means it only
> cares someone is pushing the bits. Of course, there are specific GUI
> classes for PB-based authentication, but there is a good chance you
> won't want them.
>

OK. What I really meant (hehe) was: Is the GTK2 reactor code stable?
Should I be aware of any surprises it might present?
Are there examples of usage?
Is calling gtk2reactor.install() all I need to do?
  
> > Has anyone ever attempted to integrate Spread (www.spread.org) with
> > Twisted and use it as the transport?
> 
> Not to my knowledge.
> 
> 

OK. I've only just started looking at Twisted. So some of my questions may
seem rather superfluous. There's a lot in Twisted, and I'm trying to get
my head around it.

Thanks for your help.

Regards,
Omar Kilani
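
Added example, not part of the original message or of Twisted: one way to keep the "user clicked Trust" decision in a file, as suggested in the thread, by pinning a SHA-256 fingerprint of each peer certificate. The names PinStore, demo and the endpoint string are hypothetical, the certificate bytes are constructed stand-ins, and obtaining the peer certificate from the SSL layer (for example inside the Broker subclass's connectionMade) is assumed to happen elsewhere.

```python
import hashlib
import json
import os
import tempfile

class PinStore:
    """File-backed map of "host:port" -> SHA-256 fingerprint of the peer's DER certificate."""
    def __init__(self, path):
        self.path = path
        try:
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)
        except FileNotFoundError:
            self.pins = {}          # first run: nothing is trusted yet

    @staticmethod
    def fingerprint(der_bytes):
        return hashlib.sha256(der_bytes).hexdigest()

    def check(self, endpoint, der_bytes):
        """Return 'trusted', 'unknown' (never seen: ask the user) or 'changed'."""
        pinned = self.pins.get(endpoint)
        if pinned is None:
            return "unknown"
        if pinned == self.fingerprint(der_bytes):
            return "trusted"
        return "changed"            # pinned endpoint now shows a different certificate

    def trust(self, endpoint, der_bytes):
        """Record the user's 'Trust' click; never silently replaces an existing pin."""
        if self.check(endpoint, der_bytes) == "changed":
            raise ValueError("certificate for %s differs from the stored pin" % endpoint)
        self.pins[endpoint] = self.fingerprint(der_bytes)
        # Write to a temp file and rename, so a crash cannot truncate the trust file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

def demo():
    # Constructed stand-ins for DER certificate bytes and a made-up endpoint.
    cert_a, cert_b, endpoint = b"constructed-cert-A", b"constructed-cert-B", "pb.example.test:8787"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "trusted.json")
        store = PinStore(path)
        first = store.check(endpoint, cert_a)      # before the user has decided
        store.trust(endpoint, cert_a)              # user clicked 'Trust'
        again = PinStore(path)                     # simulates the next program start
        return first, again.check(endpoint, cert_a), again.check(endpoint, cert_b)
```

The connection code would proceed only on 'trusted', show the 'Trust' prompt on 'unknown', and drop the connection on 'changed'.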
