panyasan wrote:
>
> ...
>
> I am fairly new to Python, that's why I welcome comments and criticism
> about the current implementation, in particular, on security issues etc.
> Also, please go ahead and test the code yourself.
>
> ...
>
Since I departed from the explicit registration of service classes, the
obvious problem arises how to keep a malicious user to call arbitrary python
modules on the service class - admittedly a major problem of my approach. In
RpcPhp and RpcPerl, the issue is solved by prefixing class and method names
(class_ and method_). Currently, I solve it by requring a module attribute
("isRpcService"). Another way of solving it would be to require a specific
super class as a marker interface - I think this is how it is done in
RpcJava. Since Python supports multiple inheritance, this would be another
way to go.
What do you think? I am not attached to the current solution. In Python 3.0,
class decorators are possible, but not in Python 2.*
Thanks for your ideas,
Christian
--
View this message in context:
http://n2.nabble.com/RpcPython-fixed-and-refactored-tp4053312p4056698.html
Sent from the qooxdoo mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
qooxdoo-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
