[Twisted-Python] pb.Copyable, round trip objects, and untrusted clients

David Ripton dripton at ripton.net
Thu May 20 10:56:59 MDT 2004


On 2004.05.20 00:40:54 +0000, Glyph Lefkowitz wrote:
> On Wed, 2004-05-19 at 23:54, David Ripton wrote:
> 
> > This is simple and works, but it's annoyingly repetitive.  And plumbing 
> > code is infecting the application level.  And I know there are other 
> > object vs. id caches inside PB, so this feels redundant.  What's the 
> > right way to do this with Copyable?
> 
> Use Cacheable - sort of.  That helps with the state-management issues. 

That was the answer I was kinda expecting, except for the "sort of"
part that indicates it's not the real answer.

Cacheable is heavier to use than Copyable, so I was hoping to 
develop with Copyable, then introduce Cacheable later if performance
demanded it.  I guess it's possible to do the same thing with security,
but that's much scarier.

> There are about ten other holes you didn't notice 

Got a list?

> and rewinding changes
> is an inherently unsafe way to conceptualize the problem.

Unsafe because you can easily forget to do it in a spot (agreed --
unless you build it into the framework), or unsafe because the client 
can exploit its copy of the Copyable server object in other ways?

> If you're seriously interested in security with PB, you will need
> newpb.  You should bother Brian Warner, since it seems like it's
> *almost* there and he just needs a little more nudging.

Hey Brian, nudge.  If there's anything I can do to help, email me.

-- 
David Ripton    dripton at ripton.net




More information about the Twisted-Python mailing list