[boulder.pm] forwarding "nonmember" bounce: client/server secure ?
Robert L. Harris
Robert.L.Harris at rdlg.net
Mon Mar 19 13:12:44 CST 2001
This looks like the first solution relies on 2 web servers, one on the
client one on the server. There will be one on the server, but not on
the clients.
I didn't want to go the ssh route as that will require open passwords
in the RSA, or require the users to know the passphrase which we really
don't want. I've got a plan in the works for the authentication already,
I just need to know how to do the secure sockets.
It sounds like the book is the perfect way to go and probably has a lot
of other useful information I can use.
Thank you,
Robert
Thus spake rise (rise at knavery.net):
> On Mon, 19 Mar 2001, Rob Nagler wrote:
>
> > > Anyone have any simple code I can build upon or a good starting place?
> > > I've never done network/socket code before.
> >
> > I highly recommend using mod_perl/Apache and SSL (https). It's
> > probably the most widely used and secure transport in the world.
> >
> > You can use libnet, libwww-perl, openssl, and Crypt-SSLeay to
> > communicate with the server. It's really quite easy.
>
> Note: The mail Walter forwarded didn't have you Cc'd.
>
> ----
>
> That's probably your most scalable option and if you've ever written a
> mod_perl module (or if you can deal with going the CGI route) it should be
> pretty simple - just code a set of pages that take your arguments and call
> the appropriate command (or embed the information gathering logic in a
> perl module and call it directly from the server thread). If you set up
> certificates for both sides (and make sure that each side knows to
> accept only the certificate on the other) the connection should be very
> secure (in terms of the authentication as well as encryption).
>
> If you don't have to use SSL but need encryption and you're looking
> for a lower tech solution have you considered using SSH to call a command
> on ServerB? If you go that route you probably want to read "SSH The
> Definitive Guide" Ch. 11.1 - 'Unattended SSH' to get a good handle on the
> security and implementation details.
>
> If you absolutely have to code a socket based client/server run, don't
> walk to get a copy of Lincoln Stein's "Network Programming with Perl".
> It's a damn good book and it'll save you hours/days of grief dealing with
> blocking issues, threading, etc. You could probably grab one of the
> server & client listings in there, add SSL support with one of the SSL
> modules, set up the certificates, and have the skeleton for your solution.
>
> Jonathan Conway
>
>
:wq!
---------------------------------------------------------------------------
Robert L. Harris | Micros~1 :
Senior System Engineer | For when quality, reliability
at RnD Consulting | and security just aren't
\_ that important!
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
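
The socket-plus-SSL approach discussed in this thread, with certificates on both sides and each side accepting only the other's certificate, sketched as an added example (not code from any poster in the thread). It uses IO::Socket::SSL; the file names, the host `serverb.example`, port 4433, the `status` request and the fingerprint placeholders are all assumptions.

```perl
#!/usr/bin/perl
# Added example: one script, run as "server" or "client".
# All paths, the host name, the port and both pins are assumed placeholders.
use strict;
use warnings;
use IO::Socket::SSL;    # exports $SSL_ERROR and the SSL_VERIFY_* constants

my $role = shift // '';

# Pins use IO::Socket::SSL's "algo$hex" form; fill in the real SHA-256
# fingerprint of the peer's certificate.
my $CLIENT_PIN = 'sha256$<client-cert-fingerprint-hex>';
my $SERVER_PIN = 'sha256$<server-cert-fingerprint-hex>';

if ($role eq 'server') {
    my $listener = IO::Socket::SSL->new(
        LocalAddr => '0.0.0.0', LocalPort => 4433, Listen => 5, ReuseAddr => 1,
        SSL_cert_file => 'server-cert.pem',
        SSL_key_file  => 'server-key.pem',   # unattended key: restrict file permissions
        SSL_ca_file   => 'ca.pem',           # CA that issued the client certificate
        # Without FAIL_IF_NO_PEER_CERT a client that sends no certificate is let in.
        SSL_verify_mode => SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
    ) or die "listen failed: $! $SSL_ERROR\n";

    while (1) {
        # accept() returns undef when the TLS handshake or verification fails.
        my $conn = $listener->accept
            or do { warn "rejected: $SSL_ERROR\n"; next };
        # Chain validation passed; now accept only the one expected certificate.
        if ($conn->get_fingerprint('sha256') ne $CLIENT_PIN) {
            warn "rejected: unexpected client certificate\n";
            $conn->close;
            next;
        }
        my $request = <$conn> // '';
        $request =~ s/\r?\n\z//;
        # Fixed request vocabulary; nothing from the peer reaches a shell.
        print $conn ($request eq 'status' ? "ok " . time() . "\n" : "error unknown\n");
        $conn->close;
    }
}
elsif ($role eq 'client') {
    my $sock = IO::Socket::SSL->new(
        PeerHost => 'serverb.example', PeerPort => 4433,
        SSL_cert_file   => 'client-cert.pem',
        SSL_key_file    => 'client-key.pem',
        SSL_verify_mode => SSL_VERIFY_PEER,
        SSL_fingerprint => $SERVER_PIN,      # connect fails unless the server presents this cert
    ) or die "connect failed: $! $SSL_ERROR\n";
    print $sock "status\n";
    print scalar <$sock>;
    $sock->close;
}
else { die "usage: $0 server|client\n" }
```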