| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
[Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend
On Wed, Jun 14, 2006 at 12:26:18PM -0500, Anthony Liguori wrote:
> Ewan Mellor wrote:
> >On Thu, Jun 08, 2006 at 09:13:17PM -0500, Anthony Liguori wrote:
> >
> >
> >>Hi,
> >>
> >>The following patch implements a secure XML-RPC protocol for Xend.
> >>Instead of using HTTPS with basic authentication and dealing with all
> >>that nasty OpenSSL/PAM integration, it just uses SSH. This gives you
> >>all the properties you want (great security and PAM integration) with
> >>very little code.
> >>
> >>There are some minor issues so I'd rather it not be applied
> >>immediately. I'd like to get some feedback from people as to whether
> >>this approach is reasonable. A user-facing change is that now you can
> >>use the XM_SERVER environmental variable to specific an XML-RPC URI.
> >>
> >
> >I'm with Ian -- I'd rather see the SSL/PAM solution done properly than
> >this.
> >That said, I don't see why we can't have this transport as well -- it's
> >not a
> >big patch.
> >
> >What happens if SSH isn't installed? I don't see any nice diagnostic of
> >that,
> >so I'm guessing that it just splats out an "execv failed" exception (unless
> >I've missed something).
> >
>
> In the current code, Popen throws an OSError.
>
> I really don't like catching exceptions and doing an sys.exit within the
> command handler. I'd rather introduce a new exception type for use in
> xm and rethrow the OSError with a friendly message. This will make
> localization quite a bit easier.
>
> What do you think of this?
Sure, diagnose and rethrow all the way to the top level -- that's what main.py
does now for most things, and it makes it easier to integrate main.py into
larger applications too.
Ewan.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
| |
|
Home