Python Desktop Server Weblog 4.11.2004


2004-11-04

TooFPy now has RSA authentication and communication encryption

The CVS version of TooFPy now has additional features to make communication more secure. I added my own client modules that can be extended with protocols (the supported protocols are currently SOAP, XMLRPC and PickleRPC). These client modules allow additional non-standard extensions. The extensions are used to provide RSA authentication for communication: if enabled, additional HTTP headers are passed with the request and the response, carrying a SHA256 hash and an RSA signature (and the signer's name). That way both the server and the client can be sure they are communicating with exactly the system they expect to communicate with. This works for all RPC protocols, but of course your client library has to support it (the standard libraries don't support it directly - you might need to either use my client modules or patch the stuff into your library). Of course the RSA authentication is optional - if you don't enable it, you are still fully compatible with other libraries.
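The header scheme described above, sketched as an added example that is not TooFPy's own code: the header names, the signer name and the demo key are assumptions, and unpadded RSA over a constructed key is used only so the sketch runs on the standard library.

```python
import hashlib

# Constructed demo key built from two Mersenne primes (publicly known factors).
# Unpadded RSA is used only to keep this stdlib-only; real deployments should
# use a vetted library with a padded scheme such as RSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

# Receiver's trust store: signer name -> public key. The name is made up.
TRUSTED = {"client-a": (N, E)}

def body_hash(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

def sign_headers(signer: str, body: bytes, n: int, d: int) -> dict:
    """Sender: hash the body, sign the hash, and name the signer."""
    h = body_hash(body)
    sig = pow(int(h, 16), d, n)
    # Header names are hypothetical; the post does not name them.
    return {"X-Hash-SHA256": h, "X-Signature": format(sig, "x"), "X-Signer": signer}

def verify_headers(headers: dict, body: bytes, trusted=TRUSTED) -> bool:
    """Receiver: fail closed on a missing header, unknown signer, or mismatch."""
    try:
        n, e = trusted[headers["X-Signer"]]
        claimed = headers["X-Hash-SHA256"].lower()
        sig = int(headers["X-Signature"], 16)
    except (KeyError, ValueError, TypeError, AttributeError):
        return False
    actual = body_hash(body)  # always recompute; never trust the sent hash
    if claimed != actual or not 0 < sig < n:
        return False
    return pow(sig, e, n) == int(actual, 16)

if __name__ == "__main__":
    body = b"<methodCall><methodName>ping</methodName></methodCall>"  # constructed
    hdrs = sign_headers("client-a", body, N, D)
    print("genuine request:", verify_headers(hdrs, body))
    print("tampered body:  ", verify_headers(hdrs, body + b" "))
    print("unknown signer: ", verify_headers({**hdrs, "X-Signer": "mallory"}, body))
```

The receiver recomputes the hash from the bytes it actually received, so an attacker who rewrites both the body and the hash header still fails the signature check.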

Additionally the PickleRPC protocol now can use encryption of requests and responses to prevent people from listening in. The shared secret for PickleRPC communication is used for encryption.

And another change is that I switched to only use SHA256 instead of either md5 or sha throughout the code.

All the encryption and signature stuff needs the pycrypto modules by amk installed - there are source installation packages and even Windows binary installers; just read the INSTALL-FROM-SOURCE (or INSTALL-ON-WINDOWS) files to see how to get the stuff.

A next step might be to overhaul the PickleRPC protocol (hey, it's still not released, so you can't expect me to keep the interface ;-) ) to only work when you have RSA authentication set up and to provide encryption via randomly generated session secrets that are passed along RSA-encrypted. That way the shared secret can be completely removed (I never really liked it, anyway).

Update: I have now done the above: PickleRPC is now tied to RSA authentication and makes use of session keys. This removes the need for a shared secret.

This post references topics: tools xml_rpc
posted at 18:44:32

This is the Python Desktop Server weblog.


The PyDS is OSI Certified Open Source Software


© 2004-2007, Georg Bauer