I was thinking about the problem of security with regards to my reverse RPC server. In case you missed my earlier journal entries, I proposed an RPC server that let the clients send code refs or modules (either as a name or frozen text) to be executed by a remote server (instead of lumping all the methods in the server itself). The code/method would then be executed with the results sent back to the client.
The main problem with this is security. What if some miscreant sends "rm -rf *" to the server? How can a compromise be reached without resorting to massive regular expression checking? I mulled over this for a while. Today, I had an idea.
Why not use some sort of ssh style authentication built directly into our server? Basically, only authorized programmers would be given a key, and only the proper key would allow you to connect to the server.
You could even have different levels of access based on your key. Level 1 - you can call predefined methods (if any) built into the server; Level 2 - you can use modules installed on the remote machine to create objects and/or call functions; Level 3 - you can send your own frozen objects, or code refs, to the remote server to be executed.
This would require a bit more administration, as someone would have to deal out the keys as appropriate, but I think it could work.
Then again, maybe this has already been done in XML land. I don't know. If it hasn't - ugh. That's a lot of work. Maybe I should ask for a grant from the Perl Foundation. If not, I think it would take a joint effort from a few people. Maybe a SourceForge project.
Anyone interested? Offhand, I'd say Ben Trott would be a good source for the authentication part, Matt Sergeant for the RPC portion and Paul Seamons for the generic server portion.
5 minutes later...
Am I just re-inventing Apache/mod_perl?
Re:SSh transport
djberg96 on 2002-03-12T09:54:40
Oh, hey. Didn't know you were hanging around use.perl:) Yes, a couple of others have mentioned Penguin as well and I've taken a look. I tried contacting the author, but haven't heard back. I didn't really expect anything - looks like it's been five years since it was last touched.
I was actually looking at your Crypt::OpenPGP module the other day as a possible solution. I know nothing about PGP, so I was thinking of buying the ORA book on it just for that!
Securing the transport layer wasn't something I was even thinking about originally, though perhaps I should have been. My main concern was authorization (and safely executing code). I don't know how to hack SSH identity file authorization, so I'll probably just handle it at the application level somehow.
I'd like to see the code you mention. Please send! And thanks for the feedback.
Re:SSh transport
pudge on 2002-03-12T13:48:30
> Yes, a couple of others have mentioned Penguin as well and I've taken a look. I tried contacting the author, but haven't heard back. I didn't really expect anything - looks like it's been five years since it was last touched.
I tried contacting him about Penguin over five years ago, and never heard back. :-)
Re:SSh transport
btrott on 2002-03-12T16:32:33
Using Crypt::OpenPGP would be another option that would work quite well. That would give you more control over authentication etc, but with the same amount of security--you could encrypt each message to secure the transport, and sign it to perform authentication.
I'll send you the code when I get access to it again, in a couple of days (at SXSW right now:).