is there a safe marshaler?

P

Paul Rubin

Irmen de Jong said:
Thanks for the tip. I'll think about this.
Click to expand...

Hmm, you also want a random blob in each packet (including the session
start) included in the authentication of the next packet, so the
attacker can't cut and paste messages from old sessions into the
current ones. You know, by the time you're through designing this you
may be better off just using SSL and getting it over with. It's very
easy to make mistakes designing these types of protocols. There are
some reasonable examples in "Applied Cryptography", but maybe you
don't want to deal with this stuff.
Well, my experience with RMI is very limited (and from a few years ago)
but I remember that you are required to set a security manager on your
RMI objects. I always used Java's default rmi security manager but I
honestly don't know what it actually does :-D
Click to expand...

Thanks, I should try to find out more about this. I'm about to be
doing some stuff with an existing RMI app and I better make sure it's
not already vulnerable.
I label things like SOAP and XML-RPC much different than RMI or Pyro,
because they (SOAP) are much more "distant" from the actual
programming language and environment beneath them. I don't know if
this is good thinking or not but the fact that RMI and Pyro expose
language features directly, and SOAP not, makes that I reason about them
differently.
Click to expand...

Hmm, I sort of understand this, but not completely. Does DCOM or .NET
expose language features directly?
Then again, Pyro allows you to use two forms of XML serialization
on the wire (instead of pickle), which may or may not move it much closer
to SOAP and the likes. But there are other reasons for not wanting
a Pyro server exposed on the internet. Such as the lack of a good
security analisys of Pyro. Perhaps it suffers from similar holes
as XMLRPC until recently...
Click to expand...

I've been meaning to look at Pyro and will certainly let you know if I
spot any problems, but of course there might be some that I don't find.
Furthermore there are practical issues such as having to
open a buch of new ports in your firewall. In my experience
this is very hard to get done, sadly, in contrast to just
exposing a "web-service" (in whatever form) on port 80 HTTP.
Click to expand...

Yes, though RMI requires the same.
 
I

Irmen de Jong

Paul said:
Hmm, you also want a random blob in each packet (including the session
start) included in the authentication of the next packet, so the
attacker can't cut and paste messages from old sessions into the
current ones. You know, by the time you're through designing this you
may be better off just using SSL and getting it over with. It's very
easy to make mistakes designing these types of protocols. There are
some reasonable examples in "Applied Cryptography", but maybe you
don't want to deal with this stuff.
Click to expand...

Heh, indeed I rather don't.
I know a bit about this stuff, but not nearly enough to come
up with a water tight design by myself, so it's much easier
and safer to rely on trusted work by others.

Hmm, I sort of understand this, but not completely. Does DCOM or .NET
expose language features directly?
Click to expand...

..NET: no idea
DCOM: as it is based on DCE/RPC, I would say: no. There's this MIDL
thing sitting in between and stuff like that. There's no such thing
as a specific class id and/or method name and/or parameter list that
directly maps onto an object.method in the programming environment.

I must confess, this stuff is getting all rather messy and probably not
worth to try to make such a distinction between all the RPC protocols :)
I've been meaning to look at Pyro and will certainly let you know if I
spot any problems, but of course there might be some that I don't find.
Click to expand...

I would appreciate it.

Yes, though RMI requires the same.
Click to expand...

Precisely. There is this tunneling thing, but I never got it to work.
In the end, using a SSH tunnel may prove to be even easier :-D
(just let sshd listen on port 80 and you're set)


--Irmen
 
P

Paul Rubin

Irmen de Jong said:
I know a bit about this stuff, but not nearly enough to come
up with a water tight design by myself, so it's much easier
and safer to rely on trusted work by others.
Click to expand...

Yeah, at this point I think it's safest to just use SSL. If I use
Pyro for anything I'll probably do it that way.
DCOM: as it is based on DCE/RPC, I would say: no. There's this MIDL
thing sitting in between and stuff like that. There's no such thing
as a specific class id and/or method name and/or parameter list that
directly maps onto an object.method in the programming environment.
Click to expand...

Hmm, ok, maybe we need something like that for Python, perhaps as a
Pyro extension.
Precisely. There is this tunneling thing, but I never got it to work.
In the end, using a SSH tunnel may prove to be even easier :-D
(just let sshd listen on port 80 and you're set)
Click to expand...

I think if you want to get serious about authentication, SSL has more
of a developed infrastructure. Frankly I've never understood why ssh
caught on instead of telnet over SSL. See stunnel.org for a simple
SSL tunnel.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

TPCServer and xdrlib 9
Is there a module to organize and parse command line parameters? 2
PyWart: PEP8: a seething cauldron of inconsistencies. 1
PyWart: PEP8: A cauldron of inconsistencies. 7
Yesterday is a canceled check 0
Yesterday is a canceled check 0
Experiences/guidance on teaching Python as a first programminglanguage 110
Desc of packages for XML processing 1

Members online

No members online now.
Total: 843 (members: 5, guests: 838)
Robots: 230

Forum statistics

Threads
474,219
Messages
2,571,120
Members
47,741
Latest member
WilliamsFo

Latest Threads

Top