Irmen de Jong <[EMAIL PROTECTED]> writes:
> > What do you do about the security issue if you're using pickle? Do
> > you have to trust the other end to not send you malicious pickles?
>
> I do nothing about it.
> Yes, you have to trust the other end.
> So you have to use your own -or Pyro's- authentication/authorization
> logic to make sure that the other end can be trusted.
> You could use SSL with certificates for instance.
Well, ok, if you trust the other end then I think it's enough to just
authenticate all the pickles (say using hmac.py) without needing
something as heavyweight as SSL. If you use SSL you need something
like m2crypto since the SSL option in the socket module doesn't check
certificates, IIRC.

> In fact, this is the reason why I started this thread.
> I wanted to discover some possibilities to replace pickle
> by another thing, so that Pyro becomes 'safe' at the wire
> protocol level.
> But further discussion on the Pyro mailing list sort of
> made it clear that this is not desirable.

Why do you say it's not desirable? Don't competing protocols like RMI
try to stay safe from malicious peers? Why should I not want to
expose a Pyro service to the internet? It's a natural thing to want
to do.
-- 
http://mail.python.org/mailman/listinfo/python-list
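As an added illustration of the "just authenticate all the pickles" idea in the reply above (example code, not from the thread or from Pyro), here is the pattern in Python 3: the receiver checks an HMAC-SHA256 tag over the raw pickle bytes and refuses to call pickle.loads unless the tag verifies. The shared key and the sample request are constructed for the demo.

```python
import hashlib
import hmac
import pickle
from typing import Any

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes of tag in front of the pickle


def dump_signed(obj: Any, key: bytes) -> bytes:
    """Pickle obj and prepend an HMAC-SHA256 tag computed over the pickle bytes."""
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload


def load_signed(blob: bytes, key: bytes) -> Any:
    """Verify the tag first; only bytes produced by a holder of the key are ever unpickled."""
    if len(blob) < TAG_LEN:
        raise ValueError("message too short to carry a tag")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # compare_digest keeps the comparison constant-time regardless of where it differs
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad HMAC: pickle rejected before unpickling")
    return pickle.loads(payload)


def demo() -> dict:
    """Constructed round trip: a genuine message loads, a tampered or mis-keyed one is rejected."""
    key = b"shared-secret-from-out-of-band-setup"  # constructed sample key
    msg = {"method": "add", "args": (2, 3)}  # constructed sample request
    blob = dump_signed(msg, key)
    results = {"good": load_signed(blob, key) == msg}
    # flip one bit inside the pickle body; the tag no longer matches
    tampered = blob[:TAG_LEN] + bytes([blob[TAG_LEN] ^ 0x01]) + blob[TAG_LEN + 1:]
    try:
        load_signed(tampered, key)
        results["tampered_rejected"] = False
    except ValueError:
        results["tampered_rejected"] = True
    try:
        load_signed(blob, b"some-other-key")
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The tag proves the bytes came from someone holding the key; it does not make a pickle from a compromised or careless peer safe to load, which is the trust point Irmen makes above.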