Python as network protocol

Daniel Fetchinson fetchinson at googlemail.com
Tue Nov 10 19:47:41 CET 2009


>>> This is a *really* bad idea.
>>
>> How do you know for sure? Maybe the OP wants to use this thing with 3
>> known researchers working on a cluster that is not even visible to the
>> outside world. In such a setup the model the OP suggested is a
>> perfectly reasonable one. I say this because I often work in such an
>> environment and security is never an issue for us. And I find it
>> always amusing that whenever I outline our code to a non-scientist
>> programmer they always run away in shock and never talk to us again :)
>> Nevertheless our code works perfectly for our purposes.
>
> It is a bad idea because that's exactly why we now have a spam
> problem. It _was_ a trusted environment once upon a time. Just check
> your spam messages to see why ignoring security can lead to really bad
> results.
>
> Do you know for sure that in say 3-5 years from now on your software
> isn't released into the wild and then has no security at all?

In my case, yes, I know for sure that the software I was talking about
will only be used by my colleagues (3-4 people) and will only be used
on our system. Why? Because the code is completely unportable and
undocumented and was made to serve one purpose alone: to just work on
our clusters which are not visible from the internet. And it serves
this purpose great.

In case we need to share this code, release it, modify it, etc, etc,
we will think about all the security issues. But not until then.

The point I'm trying to make is that of course I'm aware of the risks
in our approach, the environment we are working in allows for these
risks. In another situation I wouldn't use this type of approach. As a
programmer I decide what solution to use in which environment and I
intend to not over kill.

No risk environment = security holes are okay.
Risky environment = secure code from day one.

Cheers,
Daniel

-- 
Psss, psss, put it down! - http://www.cafepress.com/putitdown



More information about the Python-list mailing list