Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Port blocking

Reply
Thread Tools

Port blocking

 
 
Mark Carter
Guest
Posts: n/a
 
      01-10-2005
Supposing I decide to write a server-side application using something
like corba or pyro.

What's the chance that in big corporations, the client's ports (in both
senses of the word: fee-paying, and application) will be blocked,
thereby immediately scuppering whatever I have written? Has this problem
ever arisen for anyone?

Also, is there a good tool for writing database UIs?
 
Reply With Quote
 
 
 
 
Paul Rubin
Guest
Posts: n/a
 
      01-10-2005
Mark Carter <(E-Mail Removed)> writes:
> Supposing I decide to write a server-side application using something
> like corba or pyro.
>
> What's the chance that in big corporations, the client's ports (in
> both senses of the word: fee-paying, and application) will be blocked,
> thereby immediately scuppering whatever I have written? Has this
> problem ever arisen for anyone?


Usually you wouldn't run a public corba or pyro service over the
internet. You'd use something like XMLRPC over HTTP port 80 partly
for the precise purpose of not getting blocked by firewalls.

> Also, is there a good tool for writing database UIs?


Yes, quite a few.
 
Reply With Quote
 
 
 
 
Mark Carter
Guest
Posts: n/a
 
      01-10-2005
Paul Rubin wrote:
> Mark Carter <(E-Mail Removed)> writes:
>
>>Supposing I decide to write a server-side application using something
>>like corba or pyro.


> Usually you wouldn't run a public corba or pyro service over the
> internet. You'd use something like XMLRPC over HTTP port 80 partly
> for the precise purpose of not getting blocked by firewalls.


Although, when you think about it, it kinda defeats the purposes of
firewalls. Not that I'm criticising you personally, you understand.

>>Also, is there a good tool for writing database UIs?

>
>
> Yes, quite a few.


Ah yes, but is there really? For example, I did a search of the TOC of
GTK+ Reference Manual:
http://developer.gnome.org/doc/API/2.0/gtk/index.html
for the word "data", and there's apparently no widget which is
explicitly tied to databases. So in GTKs case, for instance, it looks
like one has to roll one's own solution, rather than just using one out
of the box.
 
Reply With Quote
 
Mark Carter
Guest
Posts: n/a
 
      01-10-2005
Mark Carter wrote:
> Paul Rubin wrote:


>> Usually you wouldn't run a public corba or pyro service over the
>> internet. You'd use something like XMLRPC over HTTP port 80 partly
>> for the precise purpose of not getting blocked by firewalls.


I'm not sure if we're talking at cross-purposes here, but the
application isn't intended for public consumption, but for fee-paying
clients.
 
Reply With Quote
 
Diez B. Roggisch
Guest
Posts: n/a
 
      01-10-2005
> Usually you wouldn't run a public corba or pyro service over the
> internet. You'd use something like XMLRPC over HTTP port 80 partly
> for the precise purpose of not getting blocked by firewalls.


What exactly makes sending bytes over port 80 more secure than over any
other port? It has always been my impression that this was to create less
administrative troubles for firewall admins. But its not inherently more
secure. That's a property of the application running.

--
Regards,

Diez B. Roggisch
 
Reply With Quote
 
Grant Edwards
Guest
Posts: n/a
 
      01-10-2005
On 2005-01-10, Diez B. Roggisch <(E-Mail Removed)> wrote:

>> Usually you wouldn't run a public corba or pyro service over
>> the internet. You'd use something like XMLRPC over HTTP port
>> 80 partly for the precise purpose of not getting blocked by
>> firewalls.

>
> What exactly makes sending bytes over port 80 more secure than
> over any other port?


Nothing.

When has reality had anything to do with the way corporate IT
types configure firewalls?

> It has always been my impression that this was to create less
> administrative troubles for firewall admins.


It's to give corporate IT types the _illusion_ of security and
relieve them of the need to learn how to configure firewalls.

> But its not inherently more secure. That's a property of the
> application running.


--
Grant Edwards grante Yow! HAIR TONICS, please!!
at
visi.com
 
Reply With Quote
 
Ville Vainio
Guest
Posts: n/a
 
      01-10-2005
>>>>> "Mark" == Mark Carter <(E-Mail Removed)> writes:

Mark> Mark Carter wrote:
>> Paul Rubin wrote:


>>> Usually you wouldn't run a public corba or pyro service over
>>> the internet. You'd use something like XMLRPC over HTTP port
>>> 80 partly for the precise purpose of not getting blocked by
>>> firewalls.


Mark> I'm not sure if we're talking at cross-purposes here, but
Mark> the application isn't intended for public consumption, but
Mark> for fee-paying clients.

Still, if the consumption happens over the internet there is almost
100% chance of the communication being prevented by firewalls.

This is exactly what "web services" are for.

--
Ville Vainio http://tinyurl.com/2prnb
 
Reply With Quote
 
Steve Holden
Guest
Posts: n/a
 
      01-11-2005
Mark Carter wrote:

> Paul Rubin wrote:
>
>> Mark Carter <(E-Mail Removed)> writes:
>>
>>> Supposing I decide to write a server-side application using something
>>> like corba or pyro.

>
>
>> Usually you wouldn't run a public corba or pyro service over the
>> internet. You'd use something like XMLRPC over HTTP port 80 partly
>> for the precise purpose of not getting blocked by firewalls.

>
>
> Although, when you think about it, it kinda defeats the purposes of
> firewalls. Not that I'm criticising you personally, you understand.
>

Yet another brilliant Microsoft marketing concept: "****, these bloody
firewalls are getting in the way of our new half-baked ideas for
application architectures to replace all that funky not-invented-here
open source stuff we can't charge money for. Let's design something that
completely screws up existing firewall strategies, then we can charge
people extra to firewall the new stuff after we've hooked them all on
yet another inferior execution of existing ideas".

>>> Also, is there a good tool for writing database UIs?

>>
>>
>>
>> Yes, quite a few.

>
>
> Ah yes, but is there really? For example, I did a search of the TOC of
> GTK+ Reference Manual:
> http://developer.gnome.org/doc/API/2.0/gtk/index.html
> for the word "data", and there's apparently no widget which is
> explicitly tied to databases. So in GTKs case, for instance, it looks
> like one has to roll one's own solution, rather than just using one out
> of the box.


There isn't, IMHO, anything with the polish of (say) Microsoft Access,
or even Microsoft SQL Server's less brilliant interfaces. Some things
Microsoft *can* do well, it's a shame they didn't just stick to the
knitting.

regards
Steve
--
Steve Holden http://www.holdenweb.com/
Python Web Programming http://pydish.holdenweb.com/
Holden Web LLC +1 703 861 4237 +1 800 494 3119
 
Reply With Quote
 
Steve Holden
Guest
Posts: n/a
 
      01-11-2005
Ville Vainio wrote:

>>>>>>"Mark" == Mark Carter <(E-Mail Removed)> writes:

>
>
> Mark> Mark Carter wrote:
> >> Paul Rubin wrote:

>
> >>> Usually you wouldn't run a public corba or pyro service over
> >>> the internet. You'd use something like XMLRPC over HTTP port
> >>> 80 partly for the precise purpose of not getting blocked by
> >>> firewalls.

>
> Mark> I'm not sure if we're talking at cross-purposes here, but
> Mark> the application isn't intended for public consumption, but
> Mark> for fee-paying clients.
>
> Still, if the consumption happens over the internet there is almost
> 100% chance of the communication being prevented by firewalls.
>
> This is exactly what "web services" are for.
>

I teach the odd security class, and what you say is far from true. As
long as the service is located behind a firewall which opens up the
correct holes for it, it's most unlikely that corporate firewalls would
disallow client connections to such a remote port.

Web services are for offering services despite the fact that the
corporate firewall managers are valiantly trying to stop unknown
services from presenting to the outside world (and my immediately
preceding post tells you what I think of that idea).

The situation is analogous to connecting to web servers running on
non-standard ports (8000 and 8080 are traditional favorites, but
firewalls very rarely accord them any special treatment).

Most firewall configurations allow fairly unrestricted outgoing
connections, limiting rules to sanity checking of addresses to ensure
nobody inside the firewall is address spoofing. Incoming connections are
usually limited to specific combinations of port number and IP address
known to be legitimate corporate services to the external world.
Firewalling web services effectively is just an additional pain for the
network manager.

regards
Steve
--
Steve Holden http://www.holdenweb.com/
Python Web Programming http://pydish.holdenweb.com/
Holden Web LLC +1 703 861 4237 +1 800 494 3119
 
Reply With Quote
 
Paul Rubin
Guest
Posts: n/a
 
      01-11-2005
Mark Carter <(E-Mail Removed)> writes:
> >>Also, is there a good tool for writing database UIs?

> > Yes, quite a few.

>
> Ah yes, but is there really? For example, I did a search of the TOC of
> GTK+ Reference Manual:


Try looking on freshmeat or sourceforge instead.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Switching from Non-Blocking to Blocking IO Christian Java 5 12-02-2007 11:24 PM
Non-blocking and semi-blocking Sockets class. nukleus Java 14 01-22-2007 08:22 PM
stealth-blocking, isp blocking website Dhruv Computer Security 9 01-25-2005 05:37 PM
Blocking and non blocking assignment in VHDL Hendra Gunawan VHDL 1 04-08-2004 06:03 AM
blocking i/o vs. non blocking i/o (performance) Andre Kelmanson C Programming 3 10-12-2003 02:09 PM



Advertisments