Skip to main content

Using Twisted Cred

I'm trying to move to using Twisted Cred and bring the perspective into perspective broker for Nessie. It's turning out to be a rather large refactoring. Because of that, I created a tag to the pre-cred code.

Originally, information was shared in both directions through a single root peer object. Now, with the advent of avatars and perspectives, it's looking like information should really only flow in one direction. That is, from the authenticator to the authenticated. Or in other words, information should only flow from the server to the client. For the server to get information from the client, it needs to authenticate with the client. Thus, the server becomes a client and the client a server. (Sorry, I couldn't resist making that sound more complicated than it really is.)

I think this will probably make things more secure. However, I think it's also likely that, in many cases, the server will not want to share information with an authenticated client unless the client also authenticates the server. Basically, share and share alike. That complicates things some what and I think I'm going to overlook it initially in the hopes that a simple solution presents itself (I believe this is likely to happen).

This structure defines the flow of data better than the pre-cred code did and should simplify peer updates and routing. Although the code will change quite a bit, I think it's for the best. I plan to check something in tomorrow, although, I will be hesitant to check in without at least having the Alice and Bob network test passing.
Labels:

Popular posts from this blog

Bot Commander r1 Released

I just published Bot Commander , the code for my Lego NXT rover . There's a lot left to be done, but release early and often, right? Currently it provides a UI for controlling the direction and speed of all three motor ports on the NXT brick. You can link motors together to adjust their speed in unison. In addition, you can enable "Tilt Control" for a steering-wheel-type experience. To use tilt control: Hook up motor A and B to be the left and right wheels of your vehicle. Hold the phone sideways (i.e. landscape). Tilt the phone forward and backward to drive forward and backward. Turn the phone right and left (like a steering wheel) to steer right and left. As you tilt the phone, you'll see the UI update the slider controls for the speed of motors A and B. I plan to expand the UI to provide a lot more than just motor control. Before that, though, I'll push a JAR to make it easy to integrate control of Lego NXT robots into your own Android project. The code...
Read more

Email Injection

Not so long ago, I ran a wiki called SecurePHP. On that wiki, there was one particular article about email injection that received a lot of attention. Naturally, with all the attention came lots of spam. As a result, I disabled editing of the wiki and content stagnated. Still, the email injection article remained popular. About a year later, the server that hosted SecurePHP died and I never had a chance to hook it all back up. I saved the article though and I'm reposting it now. It may be a bit old (I've been away from PHP for a long time), and I didn't write all of it, so feel free to leave comments about needed updates and corrections. Though this article focuses on PHP, it provides a lot of general information regarding email injection attacks. The PHP mail() Function There are a lot of ways to send anonymous emails, some use it to mass mail, some use it to spoof identity, and some (a few) use it to send email anonymously. Usually a web mailform using the mail() funct...
Read more

Python on Android

Note: This post is out of date. If you'd like to run Python on your Android device, please see my Android Scripting Environment project. Here's an early Christmas present for all those Python fanatics (self included) out there! With a lot of help from my friends (thanks Manuel and Thomas !) I managed to install Python 2.4.5 on my G1. It's still rough around the edges, but I think it's a good start. Klaus Reimer has a nice overview of how to cross-compile Python . My instructions borrow a lot from his. Download and build the Android source . These directions assume that you have installed the source to /android_src . Download and build the Python 2.4.5 source . These directions assume that you have installed the source to /python_src . Make copies of python and pgen for use later in the build process then clean up. $ cd /python_src $ cp python hostpython $ cp Parser/pgen Parser/hostpgen $ make distclean Apply the following patch to the Python source. diff -r -c -b P...
Read more