[IPython-dev] Security

MinRK benjaminrk at gmail.com
Sun Apr 15 02:17:42 EDT 2012


On Wed, Apr 11, 2012 at 05:32, Jason Grout <jason-sage at creativetrax.com> wrote:

> On 4/10/12 3:53 PM, MinRK wrote:
> > I just tried IPC on my laptop, and it definitely does work, though the
> > config is a bit weird, due to some assumptions that TCP is what people
> > actually use:
> >
> > $> ipcontroller --transport=ipc --ip=$HOME/ipcluster/socket
> >
> > will result in a bunch of files called `$HOME/ipcluster/socket:12345`.
>
> Thanks; I missed the --transport option.  When you say it is a bit
> weird, are you just talking about the --ip option?  What if we make --ip
> a synonym for --address?  --address seems to be more general (though it
> still doesn't seem to roll off the tongue as well as, say, --basename
> and using filenames that were more descriptive when using ipc).
>

There are just some TCP assumptions - for instance, it is weird to specify
`ip` as an arg that is actually a file, and it's also a bit weird that it
creates a series of files with 'socket:12345' filenames, due to the ip/port
assumptions in the code.  These are really cosmetic issues, of course.


>
> >   This sets up IPC communication for the cluster.
> >
> > The only thing I don't know about is forwarding UDS connections from the
> > client to the Hub, but if you know how to do that, you might be set
> > (some code would need to change in the ssh forwarding utils, but that
> > shouldn't be much).
>
> I was thinking that if you had forwarding set up, then you were sshing
> into the hub server and then running the client there.


If you are just going to ssh to the Hub machine and start the client there,
then there is nothing to tunnel, and this will just work as it is right
now.  I was thinking of using the tunneling we have now to start a Client
on a machine remote to the Hub, which requires setting up tunnels.



>  Hmmm...it does
> seem like an interesting problem to tunnel a UDS connection from the
> client machine to the hub machine.  If you do tunnel, then you're
> opening up a tcp port, so the advantages of not having a port open are
> out the window, I guess.  So maybe this is just a solution where the
> client and hub are all on one computer.  Or, like in our planned case,
> we have Google App Engine messages coming in over an App Engine "channel"
> to the hub computer, then sent to the hub.
>
> Jason
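
An added example, not part of the original message and not IPython code: with `--transport=ipc` the listening TCP ports are replaced by socket files, so which local users can connect is decided by filesystem permissions. This sketch audits a directory of `socket:<port>` files for ones other local users could reach; the function names and the sample sockets are constructed for illustration, and the check assumes Linux permission semantics.

```python
import os
import socket
import stat
import tempfile

def audit_ipc_sockets(directory):
    """Return (name, socket mode, dir mode) for sockets other users can reach.
    Only the immediate directory is checked, not its parents."""
    findings = []
    dir_mode = stat.S_IMODE(os.stat(directory).st_mode)
    dir_open = bool(dir_mode & (stat.S_IXGRP | stat.S_IXOTH))  # others can traverse
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        if not stat.S_ISSOCK(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        # On Linux, connect() needs write permission on the socket file
        # and search (x) permission on the directory that contains it.
        sock_open = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
        if dir_open and sock_open:
            findings.append((name, oct(mode), oct(dir_mode)))
    return findings

def make_sample_sockets(directory, ports):
    """Bind constructed sockets named like the 'socket:12345' files above."""
    socks = []
    for port in ports:
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.bind(os.path.join(directory, "socket:%d" % port))
        socks.append(s)
    return socks

def demo():
    """Audit the same sockets under a 0755 and a 0700 directory."""
    results = {}
    for label, dir_mode in (("loose", 0o755), ("private", 0o700)):
        with tempfile.TemporaryDirectory() as d:
            socks = make_sample_sockets(d, [12345, 12346])
            for s in socks:
                os.chmod(s.getsockname(), 0o777)  # worst case: world-writable
            os.chmod(d, dir_mode)
            results[label] = audit_ipc_sockets(d)
            for s in socks:
                s.close()
    return results

if __name__ == "__main__":
    for label, found in demo().items():
        print(label, found)
```

Keeping the socket directory at mode 0700 is enough to block other local users even when the socket files themselves are world-writable, which is what the second case shows.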