[boulder.pm] forwarding "nonmember" bounce: client/server secure ?

Robert L. Harris Robert.L.Harris at rdlg.net
Mon Mar 19 13:12:44 CST 2001



This looks like the first solution relies on 2 web servers, one on the
client, one on the server.  There will be one on the server, but not on
the clients.

I didn't want to go the ssh route as that will require open passwords
in the RSA, or require the users to know the passphrase which we really
don't want.  I've got a plan in the works for the authentication already,
I just need to know how to do the secure sockets.

It sounds like the book is the perfect way to go and probably has a lot
of other useful information I can use.

Thank you,
  Robert


Thus spake rise (rise at knavery.net):

> On Mon, 19 Mar 2001, Rob Nagler wrote:
> 
> > >   Anyone have any simple code I can build upon or a good starting place?
> > > I've never done network/socket code before.
> >
> > I highly recommend using mod_perl/Apache and SSL (https).  It's
> > probably the most widely used and secure transport in the world.
> >
> > You can use libnet, libwww-perl, openssl, and Crypt-SSLeay to
> > communicate with the server.  It's really quite easy.
> 
> Note: The mail Walter forwarded didn't have you Cc'd.
> 
> ----
> 
> That's probably your most scalable option and if you've ever written a
> mod_perl module (or if you can deal with going the CGI route) it should be
> pretty simple - just code a set of pages that take your arguments and call
> the appropriate command (or embed the information gathering logic in a
> perl module and call it directly from the server thread).  If you set up
> certificates for both sides (and make sure that each side knows to
> accept only the certificate on the other) the connection should be very
> secure (in terms of the authentication as well as encryption).
> 
> If you don't have to use SSL but need encryption and you're looking
> for a lower tech solution have you considered using SSH to call a command
> on ServerB?  If you go that route you probably want to read "SSH The
> Definitive Guide" Ch. 11.1 - 'Unattended SSH' to get a good handle on the
> security and implementation details.
> 
> If you absolutely have to code a socket based client/server run, don't
> walk to get a copy of Lincoln Stein's "Network Programming with Perl".
> It's a damn good book and it'll save you hours/days of grief dealing with
> blocking issues, threading, etc.  You could probably grab one of the
> server & client listings in there, add SSL support with one of the SSL
> modules, set up the certificates, and have the skeleton for your solution.
> 
> Jonathan Conway
> 
> 



:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
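
The setup suggested in the quoted reply (certificates on both sides, each side accepting only the other's certificate), as an added example that is not part of the original thread. It assumes the IO::Socket::SSL module and the `openssl` command-line tool are installed; the module choice, the certificate names, the `run_client` helper and the one-line "status" exchange are all illustrative.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use IO::Socket::SSL;

$| = 1; $SIG{PIPE} = 'IGNORE';   # unbuffered output; a dropped peer must not kill us
my $dir = tempdir(CLEANUP => 1);
# Constructed throwaway credentials: one self-signed certificate per side.
for my $who (qw(server client)) {
    system('openssl', 'req', '-x509', '-newkey', 'rsa:2048', '-nodes',
           '-days', '1', '-subj', "/CN=$who",
           '-keyout', "$dir/$who.key", '-out', "$dir/$who.pem") == 0
        or die "openssl req failed for $who\n";
}
# Server: present server.pem, trust ONLY client.pem, and require a client cert.
my $listener = IO::Socket::SSL->new(
    LocalAddr       => '127.0.0.1', LocalPort => 0, Listen => 5,
    SSL_cert_file   => "$dir/server.pem",
    SSL_key_file    => "$dir/server.key",
    SSL_ca_file     => "$dir/client.pem",
    SSL_verify_mode => SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
) or die "listen: $SSL_ERROR\n";
my $port = $listener->sockport;   # ephemeral port chosen by the kernel

# Client: trust ONLY server.pem; optionally present the client certificate.
sub run_client {
    my ($with_cert) = @_;
    my $c = IO::Socket::SSL->new(
        PeerAddr          => '127.0.0.1', PeerPort => $port,
        SSL_ca_file       => "$dir/server.pem",
        SSL_verify_mode   => SSL_VERIFY_PEER,
        SSL_verifycn_name => 'server',   # matches the CN generated above
        $with_cert ? (SSL_cert_file => "$dir/client.pem",
                      SSL_key_file  => "$dir/client.key") : (),
    ) or return "refused: $SSL_ERROR";
    print $c "status\n";
    chomp(my $reply = <$c> // 'refused: no reply');
    return $reply;
}
# First pass: client presents its certificate. Second pass: it does not.
for my $with_cert (1, 0) {
    my $pid = fork() // die "fork: $!\n";
    if (!$pid) { print "client(cert=$with_cert): ", run_client($with_cert), "\n"; exit 0 }
    if (my $conn = $listener->accept) {      # handshake succeeded, peer is verified
        my $req = <$conn>;
        print $conn "ok, hello ", $conn->peer_certificate('commonName'), "\n";
        $conn->close;
    } else { print "server rejected peer: $SSL_ERROR\n" }
    waitpid($pid, 0);
}
```

The first pass completes the handshake and the server greets the client by the CN in its verified certificate; the second pass, with no client certificate, is rejected by the server during the handshake, so no application data is ever exchanged.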



