From: Anthony Liguori <aliguori@us.ibm.com>
To: Ewan Mellor <ewan@xensource.com>
Cc: xen-devel <xen-devel@lists.xensource.com>
Subject: Re: [RFC][PATCH] Secure XML-RPC for Xend
Date: Wed, 14 Jun 2006 12:26:18 -0500 [thread overview]
Message-ID: <449046BA.6060606@us.ibm.com> (raw)
In-Reply-To: <20060614083613.GE5840@leeni.uk.xensource.com>
Ewan Mellor wrote:
> On Thu, Jun 08, 2006 at 09:13:17PM -0500, Anthony Liguori wrote:
>
>
>> Hi,
>>
>> The following patch implements a secure XML-RPC protocol for Xend.
>> Instead of using HTTPS with basic authentication and dealing with all
>> that nasty OpenSSL/PAM integration, it just uses SSH. This gives you
>> all the properties you want (great security and PAM integration) with
>> very little code.
>>
>> There are some minor issues so I'd rather it not be applied
>> immediately. I'd like to get some feedback from people as to whether
>> this approach is reasonable. A user-facing change is that now you can
>> use the XM_SERVER environmental variable to specific an XML-RPC URI.
>>
>
> I'm with Ian -- I'd rather see the SSL/PAM solution done properly than this.
> That said, I don't see why we can't have this transport as well -- it's not a
> big patch.
>
> What happens if SSH isn't installed? I don't see any nice diagnostic of that,
> so I'm guessing that it just splats out an "execv failed" exception (unless
> I've missed something).
>
In the current code, Popen throws an OSError.
I really don't like catching exceptions and doing an sys.exit within the
command handler. I'd rather introduce a new exception type for use in
xm and rethrow the OSError with a friendly message. This will make
localization quite a bit easier.
What do you think of this?
Regards,
Anthony Liguori
> Ewan.
>
next prev parent reply other threads:[~2006-06-14 17:26 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-09 2:13 [RFC][PATCH] Secure XML-RPC for Xend Anthony Liguori
2006-06-09 2:45 ` Matthew Palmer
2006-06-09 8:34 ` Anil Madhavapeddy
2006-06-09 8:41 ` Daniel Veillard
2006-06-09 8:54 ` Anil Madhavapeddy
2006-06-09 14:57 ` Anthony Liguori
2006-06-09 15:45 ` Daniel Veillard
2006-06-09 15:57 ` Anthony Liguori
2006-06-09 12:00 ` Anthony Liguori
2006-06-14 8:36 ` Ewan Mellor
2006-06-14 17:26 ` Anthony Liguori [this message]
2006-06-14 17:36 ` Ewan Mellor
-- strict thread matches above, loose matches on Subject: below --
2006-06-09 8:10 Ian Pratt
2006-06-09 12:10 ` Anthony Liguori
2006-06-14 8:43 ` Ewan Mellor
2006-06-14 17:34 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=449046BA.6060606@us.ibm.com \
--to=aliguori@us.ibm.com \
--cc=ewan@xensource.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.