Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: Good IPC Message Protocols?

by papidave (Pilgrim)
on Jan 30, 2009 at 13:17 UTC ( [id://740160]=note: print w/replies, xml ) Need Help??


in reply to Good IPC Message Protocols?

One needs to consider relative risk when deciding what to remediate first. For a client-server app, I see four possible considerations:

  1. The client gets hacked
  2. Someone listens on your network
  3. Someone hacks the storage on your server
  4. Someone hacks the server app itself

Risk 1 is minimized through strong authentication methods, and minimizing the amount of data that the client actually receives.

Risk 2 is minimized by encrypting traffic between systems; see Crypt-SSLeay

Risk 3 is minimized by encrypting the data store. I'm not enough of an expert to suggest a specific solution.

Risk 4 might be minimized by using a compiled language, and including code that checksums the binary when it first runs.

Personally, I think that the risk of 4 is so low, that everyone but government spy agencies can probably ignore it -- and they should be using a secure operating system that does that kind of thing automatically. For us mortals, risk #2 is the highest; if you are legitimately scared enough that you need to do more than #1 and #2, you probably shouldn't be using uncompiled Perl because of the risk that someone would read the source code and be able to reverse-engineer your data.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://740160]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (5)
As of 2024-03-19 02:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found