[boulder.pm] forwarding "nonmember" bounce: client/server secure ?

rise rise at knavery.net
Mon Mar 19 12:14:00 CST 2001


On Mon, 19 Mar 2001, Rob Nagler wrote:

> >   Anyone have any simple code I can build upon or a good starting place?
> > I've never done network/socket code before.
>
> I highly recommend using mod_perl/Apache and SSL (https).  It's
> probably the most widely used and secure transport in the world.
>
> You can use libnet, libwww-perl, openssl, and Crypt-SSLeay to
> communicate with the server.  It's really quite easy.

Note: The mail Walter forwarded didn't have you Cc'd.

----

That's probably your most scalable option and if you've ever written a
mod_perl module (or if you can deal with going the CGI route) it should be
pretty simple - just code a set of pages that take your arguments and call
the appropriate command (or embed the information gathering logic in a
perl module and call it directly from the server thread).  If you set up
certificates for both sides (and make sure that each side knows to
accept only the certificate on the other) the connection should be very
secure (in terms of the authentication as well as encryption).

If you don't have to use SSL but need encryption and you're looking
for a lower tech solution have you considered using SSH to call a command
on ServerB?  If you go that route you probably want to read "SSH The
Definitive Guide" Ch. 11.1 - 'Unattended SSH' to get a good handle on the
security and implementation details.

If you absolutely have to code a socket based client/server run, don't
walk to get a copy of Lincoln Stein's "Network Programming with Perl".
It's a damn good book and it'll save you hours/days of grief dealing with
blocking issues, threading, etc.  You could probably grab one of the
server & client listings in there, add SSL support with one of the SSL
modules, set up the certificates, and have the skeleton for your solution.

Jonathan Conway
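
The "certificates for both sides" setup from the message above, as an added example that is not part of the original post or any poster's code. It assumes IO::Socket::SSL as the SSL module, uses a private CA that both hosts trust exclusively plus a subject-name check in place of pinning a single certificate, and every name and certificate in it (serverA, serverB, the CAs, the stranger) is constructed for the demo.

```perl
use strict;
use warnings;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;    # CERT_create builds throwaway certificates
$SIG{PIPE} = 'IGNORE';         # a refused peer must not kill us on close

# Constructed for this demo: a private CA that only this pair of hosts
# trusts, one certificate per host, and a stranger's from another CA.
my @ca       = CERT_create(CA => 1, subject => { commonName => 'demo pair CA' });
my @other_ca = CERT_create(CA => 1, subject => { commonName => 'other CA' });
my @serverB  = CERT_create(issuer => \@ca, purpose => 'server',
                           subject => { commonName => 'serverB' });
my @serverA  = CERT_create(issuer => \@ca, purpose => 'client',
                           subject => { commonName => 'serverA' });
my @stranger = CERT_create(issuer => \@other_ca, purpose => 'client',
                           subject => { commonName => 'serverA' });

my $listener = IO::Socket::SSL->new(
    LocalAddr => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert  => $serverB[0], SSL_key => $serverB[1],
    SSL_ca    => [ $ca[0] ],               # trust the pair's CA, nothing else
    # Without FAIL_IF_NO_PEER_CERT a client may simply send no certificate.
    SSL_verify_mode => SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
) or die "listen failed: $SSL_ERROR";
my $port = $listener->sockport;

defined(my $pid = fork()) or die "fork: $!";
if ($pid == 0) {                            # child plays ServerB
    for (1 .. 2) {
        my $conn = $listener->accept or next;   # handshake refused
        my $who  = $conn->peer_certificate('commonName') // '';
        $conn->print($who eq 'serverA' ? "hello $who\n" : "unknown peer\n");
        $conn->close;
    }
    exit 0;
}
sub ask_serverB {                           # parent plays ServerA
    my ($cert, $key) = @_;
    my $c = IO::Socket::SSL->new(
        PeerAddr => '127.0.0.1', PeerPort => $port,
        SSL_cert => $cert, SSL_key => $key, SSL_ca => [ $ca[0] ],
        SSL_verify_mode   => SSL_VERIFY_PEER,
        SSL_verifycn_name => 'serverB', SSL_verifycn_scheme => 'default',
    ) or return;
    return scalar <$c>;    # undef when ServerB aborted the handshake
}
printf "%-8s => %s", $_->[0], ask_serverB(@{ $_->[1] }) // "rejected\n"
    for [ serverA => \@serverA ], [ stranger => \@stranger ];
waitpid $pid, 0;
```

The stranger presents the same subject name as serverA but is signed by a CA the server does not trust, so the name check alone would not have stopped it; the restricted trust store does.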
