Python - remote object protocols and security

Jean-Michel Pichavant jeanmichel at sequans.com
Mon Jul 15 14:41:12 CEST 2013


----- Original Message -----
> > What I think I need to care about, is malicious code injections.
> > Because
> > both client/server will be in python, would someone capable of
> > executing
> > code by changing one side python source ?
> >
> > How do I prevent this and still provide the source to everyone ?
> 
> How complicated are the objects you want to transmit? If they're just
> strings, integers, floats, and lists or dictionaries of the above,
> then you could use JSON instead; that's much safer, but (and because)
> it's majorly restricted. Sometimes it's worth warping your data
> structure slightly (eg use a dict and global functions instead of a
> custom object with methods) to improve security.
> 
> ChrisA

In the end just strings and Int.
Dave seems to agree with you and JSON is the way to go.

However, I don't want to write net code, I'm lazy and most importantly I'm so bad at it.
So how would I send Json strings from one machine to a remote ?
If I'm using http://code.google.com/p/jsonrpclib/, would it still be a Json safe way of sending strings and int ?

JM



-- IMPORTANT NOTICE: 

The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


More information about the Python-list mailing list