Port blocking

Ville Vainio ville at spammers.com
Tue Jan 11 08:47:41 CET 2005


>>>>> "Steve" == Steve Holden <steve at holdenweb.com> writes:

    >> >>> Usually you wouldn't run a public corba or pyro service over
    >> >>> the internet.  You'd use something like XMLRPC over HTTP port
    >> >>> 80 partly for the precise purpose of not getting blocked by
    >> >>> firewalls.

    Mark> I'm not sure if we're talking at cross-purposes here, but
    Mark> the application isn't intended for public consumption, but
    Mark> for fee-paying clients.

    >> Still, if the consumption happens over the internet there is almost
    >> 100% chance of the communication being prevented by firewalls.
    >> This is exactly what "web services" are for.

    Steve> I teach the odd security class, and what you say is far
    Steve> from true. As long as the service is located behind a
    Steve> firewall which opens up the correct holes for it, it's most
    Steve> unlikely that corporate firewalls would disallow client
    Steve> connections to such a remote port.

Yes, but "clients" might also act as servers, e.g. when they register
a callback object and expect the "server" to invoke something later
on. This is possible (and typical) with CORBA at least. ORBs can use
the same client-initiated connection for all the traffic, but this is
probably somewhere in the gray area.

-- 
Ville Vainio   http://tinyurl.com/2prnb



More information about the Python-list mailing list