Re: [web2py] Re: xmlrpc security

2013-10-25 Thread Kristen J. Webb 

Hi guys,

Thanks for the pointers.

I'm trying to use self-signed certs to remove
login/password from the xmlrpc interface
for machine authentication.
Digging more in the docs, it looks like part
of this is apache config.

I'll do some more testing and report
back if/what changes I have to make
to web2py to get it to work.

Kris

On 10/25/13 3:44 AM, Michele Comitini wrote:

It should be possible in combination
with gluon/contrib/login_methods/x509_auth.py using the standard
@auth_requires_login or checking authorization data in a model after the usual
auth=Auth() is properly instantiated and initiated.

mic


2013/10/25 Massimo Di Pierro massimo.dipie...@gmail.com
mailto:massimo.dipie...@gmail.com

I do not think xmlrpc can do this currently.
Please share your code.


On Thursday, 24 October 2013 17:40:50 UTC-5, kw...@teradactyl.com
mailto:kw...@teradactyl.com wrote:

Hi All,
I am new to python and web2py and I really like them both!

Can @xmlrpc provide client side certifcate validation and
actually do the hostname checks on the certificates
(to prevent MITM attacks) when
an application is deployed on an apache server?

I ask this because web2py turned me on to the xmlrpc
interface in python, and running tests there, I had to
really muck with the 2.x python code to get this to
work.

If not, I'm very happy to cleanup my xmlrpc changes to
be incorporated into web2py.

Thanks in advance!
Kris

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to web2py+unsubscr...@googlegroups.com
mailto:web2py%2bunsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google
Groups web2py-users group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/web2py/KM71EMUfs8k/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


--
This message is NOT encrypted

Mr. Kristen J. Webb
Chief Technology Officer
Teradactyl LLC.
2450 Baylor Dr. S.E.
Albuquerque, New Mexico 87106
Phone: 1-505-338-6000
Email: kw...@teradactyl.com
Web: http://www.teradactyl.com

Providers of Scalable Backup Solutions
   for Unique Data Environments


NOTICE TO RECIPIENTS: Any information contained in or attached to this message 
is intended solely for the use of the intended recipient(s). If you are not the 
intended recipient of this transmittal, you are hereby notified that you 
received this transmittal in error, and we request that you please delete and 
destroy all copies and attachments in your possession, notify the sender that 
you have received this communication in error, and note that any review or 
dissemination of, or the taking of any action in reliance on, this communication 
is expressly prohibited.



Regular internet e-mail transmission cannot be guaranteed to be secure or 
error-free. Therefore, we do not represent that this information is complete or 
accurate, and it should not be relied upon as such. If you prefer to communicate 
with Teradactyl LLC. using secure (i.e., encrypted and/or digitally signed) 
e-mail transmission, please notify the sender. Otherwise, you will be deemed to 
have consented to communicate with Teradactyl via regular internet e-mail 
transmission. Please note that Teradactyl reserves the right to intercept, 
monitor, and retain all e-mail messages (including secure e-mail messages) sent 
to or from its systems as permitted by applicable law.




--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups web2py-users group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[web2py] web2py CLI integration

2013-03-15 Thread Kristen 
Hi All,
I'm new to python, web2py and all.   I have been experimenting python and I 
like what I read about the web2py (rapid development, security, etc).  My 
questions is the ability to intergrate a web2py project with a CLI (command 
line interface) for my users.  I've come across python modules like cement 
and continue to investigate.  This would seem to be a common problem (Web 
CLI integration).  Mostly, I am trying to decern the combination of 
frameworks, etc. that will make this work best.  As an adjunct, we have 
implemented a TLS/GSSAPI connection capapility that allows Kerberos auth 
for authenticated inter-system communications via host keys vs. certs, so 
my solutions space search is particular.  So I hope that is not too much 
for one post ;)

-- 

--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.