[opensource] Peristent ResNET Login

Issac Kelly issac at servee.com
Fri May 13 09:55:50 EDT 2011


Python does not, in any way validate CA.  A guy I know, kenneth_reitz has
written a requests library with the goal of using the stdlib urllib/http
tools, and making a better one.

I talked to him a bit about it this morning, and he agreed that it's a
feature he wants to support and opened this ticket:
https://github.com/kennethreitz/requests/issues/30

The problems with doing SSL verification at a module level, and not a
application level like you are suggesting here (checking the CA's public key
on file against the PK you receive from the server is what is required...
then check the date, then check that the URLs match) is that there isn't
really a good place to say "these are all the CAs that we should accept
across all installations of this module"  So if I were to write a patch for
requests (and you were to switch from urllib/urllib2 to requests) that would
take a little bit of thought to get some sort of data structure that could
pull from the OS when available, or just a list, or whatever.

As far as the 404 checking:  http://opensource.osu.edu/404 would seem to
suffice, and keep it on your own logs, or a round-robin list of expected
404s if you are concerned about the load on any individual server.

I'd suggest making a page that does it at the apache level, and not at the
drupal(?) level though, and that would reduce your load a little too
(again... if that's a legitimate concern, which I'm not sure it is, once
every 5 seconds is not a big deal, even if 1000 people were using it, it
probably wouldn't cause any issues.

Putting the 404 on your own server also make sure that you have a quick way
to turn the script off for non-coders through use of IP tables, you could
block all resent addresses; or simply changing the response code for the
given page.  This would be useful if resnet gets mad at you, you can say
"we'll shut it down right away boss".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.cse.ohio-state.edu/pipermail/opensource/attachments/20110513/32463e5a/attachment.html


More information about the Opensource mailing list