Hello everyone, I've looked into options of implementing SSL support in pygr.Data XML-RPC server and I've found three ways which appear to make most sense. I'm posting them below along with pros and cons I have (so far) found, for discussion.
Also, by looking at this I have come to the following conclusion: SimpleXMLRPCServer will likely have to go. It simply doesn't look extensible enough to provide all we will want our XML-RPC server to offer... The question is, shall we look for a replacement which will be as compatible with the original as possible and try to extend it as we go, or implement something significantly different but meant straight away to meet our target requirements. 1. httplib.HTTPSConnection This is an equivalent of httplib's standard HTTPConnection which uses SSL. Pros: + relatively easy to get a working XML-RPC server with it + comes with Python (if it was linked against OpenSSL) from version 2.0 upwards Cons: - doesn't do much except encrypting HTTP, in particular offers no control over ciphers used and *no certificate validation* 2. The ssl module A no-nonsense Python wrapper for OpenSSL. Pros: + part of Python's standard library since version 2.6, with backports available for earlier versions + very flexible Cons: - low-level (works directly on TCP sockets) and therefore requiring quite a lot of work to get a working XML-RPC server, at least comparing to the other two options. Then again, see e.g. http://hoffie.info/articles/2007/1/6/simplexmlrpcserver-with-ssl-and-http-auth-support for already-done work. 3. M2Crypto "M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. M2Crypto can also be used to provide SSL for Twisted." See http://chandlerproject.org/bin/view/Projects/MeTooCrypto Pros: + features of both a low-level wrapper and a higher-level interface, thus combining flexibility and ease of use + requires quite little work to get a working XML-RPC server, especially if one uses provided example code Cons: - creates an external dependency, which could be a problem even though appropriate packages exist for Fink, all major Linux distributions, and Windows. -- MS --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pygr-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/pygr-dev?hl=en -~----------~----~----~----~------~----~------~--~---
