Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Python as network protocol

Reply
Thread Tools

Python as network protocol

 
 
Steven D'Aprano
Guest
Posts: n/a
 
      11-10-2009
On Tue, 10 Nov 2009 12:28:49 -0500, geremy condra wrote:

> Steven, remember a few weeks ago when you tried to explain to me that
> the person who was storing windows administrative passwords using a 40
> byte xor cipher with the hardcoded password might not be doing something
> stupid because I didn't know what their threat model was? Yeah- what you
> just said is what I was trying to explain then.


No, I'm sure that wasn't me... perhaps some other Steven D'Aprano... from
the Evil Dimension...

*wink*

Seriously, I'm not sure if I knew that the person was storing Windows
admin passwords at the time. If I had, I probably would have agreed with
you. But using a 40 byte xor cipher to obfuscate some strings in a game
is perfectly valid -- not every locked box needs to be a safe with 18
inch tempered steel walls.

I can only repeat what I said to Daniel: can you guarantee that the nice
safe, low-risk environment will never change? If not, then choose a more
realistic threat model, and build the walls of your locked box
accordingly.


--
Steven
 
Reply With Quote
 
 
 
 
Diez B. Roggisch
Guest
Posts: n/a
 
      11-10-2009
> My point is that hacking can still be a fun and easy-going activity
> when one writes code for himself (almost) without regards to security
> and nasty things like that creeping in from the outside. I'm the king
> in my castle, although I'm fully aware of the fact that my castle
> might be ugly from the outside


Which is a relevant statement in the context of the OP seeking advice on
*secure ways* of executing code in a restricted environment in exactly
what way?

Diez
 
Reply With Quote
 
 
 
 
Daniel Fetchinson
Guest
Posts: n/a
 
      11-10-2009
>> My point is that hacking can still be a fun and easy-going activity
>> when one writes code for himself (almost) without regards to security
>> and nasty things like that creeping in from the outside. I'm the king
>> in my castle, although I'm fully aware of the fact that my castle
>> might be ugly from the outside

>
> Which is a relevant statement in the context of the OP seeking advice on
> *secure ways* of executing code in a restricted environment in exactly
> what way?


Okay, I reread the original message and you are right, the OP did want
restricted scope, so probably his environment is not completely risk
free.

Cheers,
Daniel

--
Psss, psss, put it down! - http://www.cafepress.com/putitdown
 
Reply With Quote
 
Ethan Furman
Guest
Posts: n/a
 
      11-10-2009
Daniel Fetchinson wrote:
> I'm the king in my castle, although I'm fully aware of the fact that my castle
> might be ugly from the outside


+1 QOTW
 
Reply With Quote
 
Ethan Furman
Guest
Posts: n/a
 
      11-10-2009
Steven D'Aprano wrote:
> I can only repeat what I said to Daniel: can you guarantee that the nice
> safe, low-risk environment will never change? If not, then choose a more
> realistic threat model, and build the walls of your locked box
> accordingly.


Seems to me you can't really *guarentee* anything, especially something
as elusive as the distant future. Program for what your needs are, and
document accordingly.

~Ethan~
 
Reply With Quote
 
geremy condra
Guest
Posts: n/a
 
      11-10-2009
On Tue, Nov 10, 2009 at 2:08 PM, Steven D'Aprano
<(E-Mail Removed)> wrote:
> On Tue, 10 Nov 2009 12:28:49 -0500, geremy condra wrote:
>
>> Steven, remember a few weeks ago when you tried to explain to me that
>> the person who was storing windows administrative passwords using a 40
>> byte xor cipher with the hardcoded password might not be doing something
>> stupid because I didn't know what their threat model was? Yeah- what you
>> just said is what I was trying to explain then.

>
> No, I'm sure that wasn't me... perhaps some other Steven D'Aprano... from
> the Evil Dimension...
>
> *wink*


I think I saw a mustache on him. Probably evil.

> Seriously, I'm not sure if I knew that the person was storing Windows
> admin passwords at the time. If I had, I probably would have agreed with
> you. But using a 40 byte xor cipher to obfuscate some strings in a game
> is perfectly valid -- not every locked box needs to be a safe with 18
> inch tempered steel walls.


Granted, and I am going to be able to give a very nice talk on how not
to do cryptography partially as a result of that particularly egregious bit of
silliness, so I guess I can't complain too much.

> I can only repeat what I said to Daniel: can you guarantee that the nice
> safe, low-risk environment will never change? If not, then choose a more
> realistic threat model, and build the walls of your locked box
> accordingly.


Or, plan on becoming part of one of my presentations in a few years.
Either way works for me.

Geremy Condra
 
Reply With Quote
 
Aahz
Guest
Posts: n/a
 
      11-15-2009
In article <(E-Mail Removed)>,
Cooch <(E-Mail Removed)> wrote:
>
>I want to implement such specific feature:
>I have a server written in Python. I have a client written in C++. I
>want to use Python as network protocol between them. I mean: client
>send to server such string: "a = MyObject()", so object of this type
>will appear in server. Any ideas how to simplify this implementation?
>I make XML-RPC/SOAP server using twisted which just execute sended
>string. But I don't know how to:
>1. Restrict usage of some modules on client side (os, sys etc..)
>2. Divide variables of different clients. Generally, I know that I
>should use "exec .. in .. " construct, but don't know how to
>distinguish between clients in twisted.


What you want is a DSL -- domain-specific language. That might be a
subset of Python that you parse yourself.
--
Aahz ((E-Mail Removed)) <*> http://www.pythoncraft.com/

[on old computer technologies and programmers] "Fancy tail fins on a
brand new '59 Cadillac didn't mean throwing out a whole generation of
mechanics who started with model As." --Andrew Dalke
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Developing a network protocol with Python Laszlo Zsolt Nagy Python 12 12-15-2005 07:42 PM
wireless network protocol 802.11g+ =?Utf-8?B?QXJjYW5nZWw=?= Wireless Networking 1 05-06-2005 01:23 PM
Protocol Chart - Learn how to use a Protocol Analyzer news.comcast.giganews.com Wireless Networking 0 08-21-2004 04:35 PM
When i try to implement a server program giving UDP as protocol , it works fine , but if the same code is executed with TCP as protocol option, it gives an error. Tompyna Perl Misc 4 02-17-2004 06:51 PM
APC Network Management Cards Network Time Protocol Support NOT! Ed M Cisco 2 11-19-2003 07:57 PM



Advertisments