On Fri, Feb 19, 2010 at 1:34 PM, John Eckersberg <[email protected]> wrote: > I propose the following, assmuming it will be reasonably > straightforward and not pull in a ton of unexpected deps: > > - Ship the python 2.5 version of SimpleXMLRPCServer bundled with func > - Update the server (minion) code to use this bundled version on > python < 2.5, otherwise use the standard library version > - Update the minion and overlord to base64 encode xmlrpc traffic
Personally, I like the "sanitize the data" option. It's got the best longer-term security in mind, as it means that we (or our users that build on top of Func) won't later have to deal with weird security issues because we've allowed Bobby Tables (http://xkcd.com/327/) through. Either base64 or url encoding the data before it hits the xmlrpc server seems like the right way to go. > I will throw together a proof of concept for this hopefully sometime > Monday. If anybody has thoughts / opinions / suggestions by all means > let's hear them! > > - John ---Brett _______________________________________________ Func-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/func-list
