Python - remote object protocols and security

Chris Angelico rosuav at gmail.com
Mon Jul 15 13:18:41 CEST 2013


On Mon, Jul 15, 2013 at 8:13 PM, Jean-Michel Pichavant
<jeanmichel at sequans.com> wrote:
> I'd like to exchange some simple python objects over the internet.
> I initially planned to use Pyro, after reading
> http://pythonhosted.org/Pyro4/security.html I'm still puzzled.
>
> I don't mind encrypting data, if someone wants to sniff what I'm sending,
> he's welcome.
>
> What I think I need to care about, is malicious code injections. Because
> both client/server will be in python, would someone capable of executing
> code by changing one side python source ?
>
> How do I prevent this and still provide the source to everyone ?

How complicated are the objects you want to transmit? If they're just
strings, integers, floats, and lists or dictionaries of the above,
then you could use JSON instead; that's much safer, but (and because)
it's majorly restricted. Sometimes it's worth warping your data
structure slightly (eg use a dict and global functions instead of a
custom object with methods) to improve security.

ChrisA



More information about the Python-list mailing list