
[Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend



On Wed, Jun 14, 2006 at 12:26:18PM -0500, Anthony Liguori wrote:

> Ewan Mellor wrote:
> >On Thu, Jun 08, 2006 at 09:13:17PM -0500, Anthony Liguori wrote:
> >
> >  
> >>Hi,
> >>
> >>The following patch implements a secure XML-RPC protocol for Xend.  
> >>Instead of using HTTPS with basic authentication and dealing with all 
> >>that nasty OpenSSL/PAM integration, it just uses SSH.  This gives you 
> >>all the properties you want (great security and PAM integration) with 
> >>very little code.
> >>
> >>There are some minor issues so I'd rather it not be applied 
> >>immediately.  I'd like to get some feedback from people as to whether 
> >>this approach is reasonable.  A user-facing change is that now you can 
> >>use the XM_SERVER environmental variable to specify an XML-RPC URI.
> >>    
> >
> >I'm with Ian -- I'd rather see the SSL/PAM solution done properly than this.
> >That said, I don't see why we can't have this transport as well -- it's not a
> >big patch.
> >
> >What happens if SSH isn't installed?  I don't see any nice diagnostic of that,
> >so I'm guessing that it just splats out an "execv failed" exception (unless
> >I've missed something).
> >  
> 
> In the current code, Popen throws an OSError.
> 
> I really don't like catching exceptions and doing a sys.exit within the 
> command handler.  I'd rather introduce a new exception type for use in 
> xm and rethrow the OSError with a friendly message.  This will make 
> localization quite a bit easier.
> 
> What do you think of this?

Sure, diagnose and rethrow all the way to the top level -- that's what main.py
does now for most things, and it makes it easier to integrate main.py into
larger applications too.

Ewan.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
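
The diagnose-and-rethrow pattern discussed in this thread, as an added example in Python 3 that is not code from the patch or from Xend. The names `XmError`, `open_ssh_transport`, the host `host.example` and the remote command `true` are hypothetical placeholders.

```python
import errno
import subprocess
import sys


class XmError(Exception):
    """Hypothetical xm-level error whose text is meant for the user."""


def open_ssh_transport(host, ssh_binary="ssh"):
    """Start the ssh child process; turn launch failures into XmError."""
    if host.startswith("-"):
        # Keep a host string from being parsed by ssh as an option.
        raise XmError("invalid host name: %r" % host)
    argv = [ssh_binary, host, "true"]  # "true" is a placeholder remote command
    try:
        return subprocess.Popen(argv, stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE)
    except OSError as exc:
        if exc.errno == errno.ENOENT:
            msg = "cannot run '%s': is an SSH client installed?" % ssh_binary
        elif exc.errno == errno.EACCES:
            msg = "cannot run '%s': permission denied" % ssh_binary
        else:
            msg = "cannot run '%s': %s" % (ssh_binary, exc.strerror)
        # Chain the original error so a debug trace still shows it.
        raise XmError(msg) from exc


def main(argv, ssh_binary="ssh"):
    """Top level: the only place that reports the error and picks an exit code."""
    try:
        child = open_ssh_transport(argv[1], ssh_binary)
    except XmError as err:
        sys.stderr.write("Error: %s\n" % err)
        return 1
    child.stdin.close()
    child.stdout.close()
    return child.wait()


if __name__ == "__main__":
    # Constructed demo: a binary name that does not exist on the system.
    sys.exit(main(["xm", "host.example"], ssh_binary="no-such-ssh-binary"))
```

Because only `main` writes to stderr and chooses the exit status, a larger application can call `open_ssh_transport` directly and handle `XmError` itself.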


 

