On Wed, Jul 20, 2011 at 4:39 PM, Tomer Filiba <[email protected]> wrote:
> yes, it's a problem i get quite a lot -- you'll need to change the default
> configuration. add a config dict like so:
> ThreadedServer(MyService, port = 18861, config = {"allow_public_attrs" :
> True, "allow_all_attrs" : True})
>
> by default, for security reasons, rpyc blocks all attribute access except
> for exposed and safe attrs.
> see http://rpyc.wikidot.com/api:core for more info.
>
> anyway, do keep in mind though that if your module (call it `foo`) imports
> `sys` for instance, than you can write `foo.sys`,
> and even `foo.sys.modules` and then gain access to all of the imported
> modules -- which is not safe.
>
> so it would be better to explicitly state the attrs you wish to grant
> access to. you can also implement _rpyc_getattr(self, name) in your service
> class,
> which is called by rpyc to get the attribute. you can refer to
> https://github.com/tomerfiliba/rpyc/blob/master/rpyc/core/service.py
>
To be safe you can define __all__ in your module, and then expose only what
is mentioned in mymodule.__all__.
- Tal
