Python as network protocol

[Daniel Fetchinson]

>> I want to implement such specific feature:
>> I have a server written in Python. I have a client written in C++. I
>> want to use Python as network protocol between them. I mean: client
>> send to server such string: "a = MyObject()", so object of this type
>> will appear in server. Any ideas how to simplify this implementation?
>> I make XML-RPC/SOAP server using twisted which just execute sended
>> string. But I don't know how to:
>> 1. Restrict usage of some modules on client side (os, sys etc..)
>> 2. Divide variables of different clients. Generally, I know that I
>> should use "exec .. in .. " construct, but don't know how to
>> distinguish between clients in twisted.

Have you considered using pyro?

http://pyro.sourceforge.net/

> This is a *really* bad idea.

How do you know for sure? Maybe the OP wants to use this thing with 3
known researchers working on a cluster that is not even visible to the
outside world. In such a setup the model the OP suggested is a
perfectly reasonable one. I say this because I often work in such an
environment and security is never an issue for us. And I find it
always amusing that whenever I outline our code to a non-scientist
programmer they always run away in shock and never talk to us again :)
Nevertheless our code works perfectly for our purposes.

> Because there is no real way to restrict
> execution in python, and thus you allow clients to inject arbitrary code
> into your server. Including the notorious "os.system('rm -rf /')".
>
> So - don't do that. Use e.g. CORBA if you need a richer, object-base
> protocol than XMLRPC.

Cheers,
Daniel

-- 
Psss, psss, put it down! - http://www.cafepress.com/putitdown