Gabriel Genellina wrote:
2008/5/8 M.-A. Lemburg <[EMAIL PROTECTED]>:

SOAP would be a good choice if you want to send data to other
servers as well, e.g. Java-based ones.

XML-RPC and JSON are better for simple data structures.

If you have control over both client and server and don't
need to bother with other backends or frontends, Python
pickle is the best choice.

On Fri, 09 May 2008 05:41:07 -0300, Florencio Cano <[EMAIL PROTECTED]> wrote:

I have control over agent and client but I'm not sure how to use
pickle for this task. Do you suggest to pickle the objects that I want
to send and send it over a usual socket? I have searched a bit in
Google and I have seen that Pickle is insecure by default. What do you
think about this?

"Insecure" means that someone could build a specially crafted pickle able to run arbitrary code on the unpickling environment. One way to avoid that is to only accept pickles from trusted sources: using SSL, for example.


While Pyro (http://pyro.sourceforge.net) uses pickle by default, it is well understood that you'll have to deal with a potential security issue if your server is open to untrusted/uncontrolled clients.
Pyro provides several things that could help you here:
- you can define a connection authenticator that checks client IP and/or passphrases
- you can switch to an XML based serialisation protocol (courtesy of gnosis tools)
- you can run Pyro over SSL and let SSL deal with authentication/encryption/...

Cheers
Irmen de Jong
--
http://mail.python.org/mailman/listinfo/python-list
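
The thread's advice to unpickle only data from trusted sources, applied to the plain-socket case asked about above, can be sketched as a length-prefixed frame carrying an HMAC tag that is checked before `pickle.loads` is ever called. This is an added example, not code from the thread or from Pyro; the names `send_obj` and `recv_obj`, the frame layout and the sample key are assumptions.

```python
import hashlib
import hmac
import pickle
import socket

MAC_LEN = hashlib.sha256().digest_size  # 32-byte tag

def send_obj(sock, key, obj):
    """Send obj as: 4-byte big-endian length | HMAC-SHA256 tag | pickle."""
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    sock.sendall(len(payload).to_bytes(4, "big") + tag + payload)

def _recv_exact(sock, n):
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return buf

def recv_obj(sock, key, max_len=1 << 20):
    """Read one frame; unpickle only if the tag verifies under key."""
    length = int.from_bytes(_recv_exact(sock, 4), "big")
    if length > max_len:  # bound memory use before reading the body
        raise ValueError("frame too large")
    tag = _recv_exact(sock, MAC_LEN)
    payload = _recv_exact(sock, length)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        raise PermissionError("bad MAC: refusing to unpickle")
    return pickle.loads(payload)

def demo():
    key = b"constructed-shared-secret"  # constructed sample value
    a, b = socket.socketpair()
    send_obj(a, key, {"host": "agent1", "load": [0.1, 0.2]})
    good = recv_obj(b, key)
    send_obj(a, b"some-other-key", {"host": "unknown"})  # sender lacks the key
    try:
        recv_obj(b, key)
        rejected = False
    except PermissionError:
        rejected = True
    a.close()
    b.close()
    return good, rejected
```

The tag shows only that the sender holds the shared key; it gives no confidentiality or replay protection, which is what running the connection over SSL adds.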
