Is there an obvious way to do this in python?

Fri Aug 4 03:18:41 EDT 2006

"Dennis Lee Bieber" <wlfraed at ix.netcom.com> wrote:

| On Thu, 3 Aug 2006 09:17:41 +0200, "H J van Rooyen"
| <mail at microcorp.co.za> declaimed the following in comp.lang.python:
|
| > Can I not use the ssl module for encrypting the connections? - Please also
| > understand that the system is aimed at small to medium companies, in
ouse  -
| > >From my perspective the only valid reason to use a database would be for
the
| > ease of reporting - the files are not large - and the speed of a dict lookup
in
| > python is hard to beat for normal transaction processing...
| >
| You might want to read the "Kode Vicious" column in a recent issue
| of Queue (probably last months issue -- it's been in my carry-bag for a
| few weeks).
|
| For an "in house" effort, encrypting the LAN traffic is probably not
| the most meaningful focus. Securing the data /storage/ is more important
| -- why secure the LAN traffic if someone can walk off with a backup of
| unsecured database. And who'd want to even spend time with a LAN sniffer
| on unencrypted traffic if that same backup is available for filching.
| >

This makes sense - message is - lock your server room...

| > NO! the last thing on my mind - want a dynamic process similar to banking
| > terminals - see my response to Simon please
| >
| ? ATMs? Or internal clerk consoles?

Semantics - sorry - neither - thinking of credit card terminals - in which area
I have dabbled in a bit...

These things have horrendously complex terminal management systems and elaborate
mechanisms to download all manner of parameters to change their behaviour... -
most have their internal state controlled by the server, sometimes formally,
sometimes just via param download...

| Pretty much everything is already in the terminal software -- what
| the operator has access to, and sees, is dependent upon the privileges
| defined for their "account". No "dynamic" loading of code (for security,
| I'd not even permit remote updates -- I'd require a floppy or CD from
| inside the secure box to change operating software; as soon as you
| permit updates to be pushed from outside you expose the risk of a
| cracker pushing a customized code set).
|

I was not aiming for this paranoid level of security - when I said "secure"  or
"reliable" I was just looking for something that would work and that I could
trust not to fall over all the time...

On the small boxes, the loading of software mechanism varies from manufacturer
to manufacturer - some allow, others disallow the download and activation of new
apps - likewise for the update of existing ones - but most banks don't use these
mechanisms, even if they are available - they all tend to bring the device in to
a trusted facility.  I don't know one of them that actually use the mechanism on
a per transaction basis, because it would be, amongst other things, too slow -
but most of the systems can force the terminal into a reload of at least its set
of parameters the next time it logs in - and this mechanism is used by for
instance AMEX to vary the messages displayed on their terminals - not quite
"code" update - but the user can't tell the difference.

I used the example because this sort of facility is the kind of thing I want to
find out if Python could do, in a more dynamic way than what the terminals that
can use it, actually use it - little thinking that I was sowing confusion -
sorry...

If you are familiar with the sort of Terminal Management Systems I am talking
about, that control the behaviour of the remote box via parameter download -
then what I want find out is how to do that in Python, but with the added
proviso that I must also be able to download "pieces" of the application - where
"download" in this sense is just to a PC in the next office on the local LAN -
So far the Pyro package that Bruno has steered me towards sounds the most
promising way of doing this - but I still haven't been able to "research" it ...

Thanks for the input and sorry about the confusion.

- Hendrik