[Pipet Devel] sessions (was: we're back)

Brad Chapman chapmanb at arches.uga.edu
Thu Mar 2 15:13:43 EST 2000


> Jennifer Steinbachs wrote:
>> 
>>  How will this communication work with firewalls?

Jeff wrote:

> Brad,
> can you explain how this front-to-middle communication works?  To what
> extent does it use sockets and ports?

Thanks for bringing this up, Jennifer! I don't know much about being 
behind firewalls (except for the simple firewall I set up for my 
computer) but from my understanding loopbacks to the localhost are 
normally allowed by the person setting up the firewall. I don't really 
know of any security risks involved with this. 
    So, right now the only communication is occurring between front and 
middle on the same machine. So, the middle starts up and binds to 
'localhost' on a port specified in the configuration file (right now 
it is just a 5 digit port (41877), nice and high). So from my 
understanding, this connection is not available to anyone outside of 
the local machine.
    My very limited understanding of how sockets work comes from 
reading the "Socket Programming How-To" on the Python web site 
(http://www.python.org/doc/howto/sockets/sockets.html). Basically, the 
middle creates a "server" socket which binds to localhost on the 41877 
port, and then listens for incoming connections. The front creates a 
"client" socket which sends a message to localhost, 41877 port. The 
"server" socket in the middle hears the message, and creates a 
"client" socket to handle it, and this is the connection that 
transfers the message.
    So, the point of all this is that all communication is through a 
single local port, and so shouldn't be affected by firewalls. I'd be 
interested if you tried to fire behind your firewall, Jennifer, and 
see what happens.
    Once we get into middle to middle communication, we'll need to 
worry about connecting between two computers, in which case firewalls 
and security will become an issue. I'm going to argue for using CORBA 
to do this, and not sockets, so maybe security and firewall 
compatibility can be one of my arguments. Thanks!

Brad
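
The exchange described in this message, as an added example that is not part of the original post or the Pipet code: a listening socket bound to the loopback address, a front-side client, and a check that the listener is not exposed on other interfaces. The function names are hypothetical, and the demo lets the OS pick a free port instead of the 41877 mentioned above.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback only; "" or "0.0.0.0" would listen on every interface
PORT = 0            # assumption for the demo: OS-chosen free port (the post uses 41877)

def start_middle(host=HOST, port=PORT):
    """Create the listening ("server") socket and return it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    srv.settimeout(5)  # do not block forever if no client arrives
    return srv

def serve_one(srv, results):
    """Accept one connection; accept() hands back a new per-connection socket."""
    conn, peer = srv.accept()
    with conn:
        results["peer"] = peer[0]  # address the client connected from
        results["distinct_socket"] = conn.fileno() != srv.fileno()
        conn.sendall(b"ack:" + conn.recv(1024))

def front_send(port, message, host=HOST):
    """The front: connect to the middle, send one message, return the reply."""
    with socket.create_connection((host, port), timeout=5) as cli:
        cli.sendall(message)
        return cli.recv(1024)

def is_loopback_only(srv):
    """True when the listener is bound to a 127.x.x.x address."""
    return srv.getsockname()[0].startswith("127.")

def demo():
    srv = start_middle()
    results = {}
    worker = threading.Thread(target=serve_one, args=(srv, results))
    worker.start()
    results["reply"] = front_send(srv.getsockname()[1], b"hello middle")
    worker.join()
    results["loopback_only"] = is_loopback_only(srv)
    srv.close()
    return results

if __name__ == "__main__":
    print(demo())
```

The bind address is what keeps remote hosts from reaching the port. Any process or user on the same machine can still connect to it, so a loopback listener is not an authentication boundary.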
 




