[Python-Dev] 2.3.1

Nick Coghlan ncoghlan@email.com
Sun, 27 Jul 2003 16:11:04 +1000


Tim Peters wrote:

> [Kurt B. Kaiser]
> 
>>...
>>A very restricted change to the code would be add the following
>>to the banner printed at the top of the shell when it starts (the
>>socket connection isn't made until the shell window opens):
>>
>>***************************************************************
>>Personal firewall software may warn about the connection IDLE
>>makes to its subprocess using this computer's internal loopback
>>interface.  This connection is not visible on any external
>>interface and no data is sent to or received from the Internet.
>>***************************************************************
>>
>>This involves an addition to PyShell.py:PyShell.begin(), line 873.
>>
>>In addition, the .../idlelib/README.txt would be updated with the
>>same message w/o the asterisks.
> 
> 
> I think that's a great idea, and is all we really need for 2.3 final.  Barry
> is the release manager now, so the final call is his, but I'm +1 on it.

After seeing this thread, I experimented with 2.3c2 IDLE on my machine (Windows 
XP, with the free ZoneAlarm installed). The ZoneAlarm warning comes up *before* 
the Python Shell window opens - the shell Window doesn't open until after I 
click 'Yes'. If I click "No", the shell window never appears at all.

So Kurt's suggestion may not help, if the firewall intercepts the outgoing 
connection _before_ the above message is made visible to the user. (I suspect 
Zone Alarm halts the entire process responsible for initiating the connection 
request)

Details on the ZoneAlarm warning:

The Destination IP is given as "127.0.0.1: Port 8833" and the connecting 
application is listed as "pythonw.exe". (I imagine the port number will vary for 
different configurations and so forth - at the moment its consistent for me, but 
that is no doubt due to the particular applications I currently happen to have 
running). The IP address and application name may be useful in the warnings for 
non-technical users (after all, they clicked on an "IDLE" icon - they may not 
have any idea what "pythonw" is)

Unsurprisingly, Zone Alarm's Alert Advisor says nothing about what the program 
is, or why it is trying to access the network. I've submitted some feedback to 
them, suggesting it might be useful to point out in Alert Advisor that 
'127.0.0.1' means the connection is being made directly back to the current 
computer. This doesn't help anyone using a different firewall application, 
though (and it is questionable whether or not Zonelabs will do anything about 
it, anyway - it must be an issue they have come across before).

Regards,
Nick.

-- 
Nick Coghlan           |              Brisbane, Australia
ICQ#: 68854767         |               ncoghlan@email.com
Mobile: 0409 573 268   |   http://www.talkinboutstuff.net
"Let go your prejudices,
               lest they limit your thoughts and actions."