[Twisted-Python] pb.Copyable, round trip objects, and untrusted clients

David Ripton dripton at ripton.net
Thu May 20 12:33:51 EDT 2004


On 2004.05.20 01:33:09 +0000, Christopher Armstrong wrote:
> It sounds like the client ought to just pass a string (e.g., the name of 
> the game) or something representing the game it wants to play. IOW, 
> whether it's a string or not, something that isn't possible to be munged 
> in a way that would "mess up" the server in the first place.

Yes, that's the way I solved the problem last time.  Stringify everything 
on one side.  Parse the strings on the other side.

If your goal is to have separate client and server programs rather than
a single distributed system, this is the way to do it.  If security is
your #1 goal, this is the way to do it.

If your goal is a minimal and easily maintained system, this is not the 
way to do it.  Not if you have a lot of complex state to track, anyway.
Remote references let you share the same representation on both sides,
avoiding most of the sync issues.  (Or at least delegating them to the
framework, where they can be handled consistently.)

-- 
David Ripton    dripton at ripton.net




More information about the Twisted-Python mailing list