Security considerations¶
Cryptographic signing¶
Why?¶
Since un-pickling from an external source is considered dangerous, it becomes necessary to verify whether the other end is also a ZProc node, and not some attacker trying to exploit our application.
Hence, ZProc provides cryptographic signing support using itsdangerous.
Just provide the secret_key parameter to Context
, and you should be good to go!
>>> import zproc
>>> ctx = zproc.Context(secret_key="muchsecret")
>>> ctx.secret_key
'muchsecret'
Similarly, State
also takes the secret_key
parameter.
By default, secret_key
is set to None
, which implies that no cryptographic signing is performed.
Yes, but why?¶
Here is an example demonstrating the usefulness of the this feature.
import zproc
home = zproc.Context(secret_key="muchsecret")
ADDRESS = home.server_address
home.state['gold'] = 5
An attacker somehow got to know our server’s address. But since his secret key didn’t match ours, their attempts to connect our server are futile.
attacker = zproc.Context(ADDRESS) # blocks forever
If however, you tell someone the secret key, then they are allowed to access the state.
friend = zproc.Context(ADDRESS, secret_key="muchsecret")
print(friend.state['gold']) # 5