Port blocking

Discussion in 'Python' started by Mark Carter, Jan 10, 2005.

  1. Mark Carter

    Mark Carter Guest

    Supposing I decide to write a server-side application using something
    like corba or pyro.

    What's the chance that in big corporations, the client's ports (in both
    senses of the word: fee-paying, and application) will be blocked,
    thereby immediately scuppering whatever I have written? Has this problem
    ever arisen for anyone?

    Also, is there a good tool for writing database UIs?
     
    Mark Carter, Jan 10, 2005
    #1

  2. Mark Carter

    Paul Rubin Guest

    Mark Carter <> writes:
    > Supposing I decide to write a server-side application using something
    > like corba or pyro.
    >
    > What's the chance that in big corporations, the client's ports (in
    > both senses of the word: fee-paying, and application) will be blocked,
    > thereby immediately scuppering whatever I have written? Has this
    > problem ever arisen for anyone?


    Usually you wouldn't run a public corba or pyro service over the
    internet. You'd use something like XMLRPC over HTTP port 80 partly
    for the precise purpose of not getting blocked by firewalls.

    > Also, is there a good tool for writing database UIs?


    Yes, quite a few.
     
    Paul Rubin, Jan 10, 2005
    #2

  3. Mark Carter

    Mark Carter Guest

    Paul Rubin wrote:
    > Mark Carter <> writes:
    >
    >>Supposing I decide to write a server-side application using something
    >>like corba or pyro.


    > Usually you wouldn't run a public corba or pyro service over the
    > internet. You'd use something like XMLRPC over HTTP port 80 partly
    > for the precise purpose of not getting blocked by firewalls.


    Although, when you think about it, it kinda defeats the purposes of
    firewalls. Not that I'm criticising you personally, you understand.

    >>Also, is there a good tool for writing database UIs?

    >
    >
    > Yes, quite a few.


    Ah yes, but is there really? For example, I did a search of the TOC of
    GTK+ Reference Manual:
    http://developer.gnome.org/doc/API/2.0/gtk/index.html
    for the word "data", and there's apparently no widget which is
    explicitly tied to databases. So in GTK's case, for instance, it looks
    like one has to roll one's own solution, rather than just using one out
    of the box.
     
    Mark Carter, Jan 10, 2005
    #3
  4. Mark Carter

    Mark Carter Guest

    Mark Carter wrote:
    > Paul Rubin wrote:


    >> Usually you wouldn't run a public corba or pyro service over the
    >> internet. You'd use something like XMLRPC over HTTP port 80 partly
    >> for the precise purpose of not getting blocked by firewalls.


    I'm not sure if we're talking at cross-purposes here, but the
    application isn't intended for public consumption, but for fee-paying
    clients.
     
    Mark Carter, Jan 10, 2005
    #4
  5. > Usually you wouldn't run a public corba or pyro service over the
    > internet. You'd use something like XMLRPC over HTTP port 80 partly
    > for the precise purpose of not getting blocked by firewalls.


    What exactly makes sending bytes over port 80 more secure than over any
    other port? It has always been my impression that this was to create less
    administrative troubles for firewall admins. But it's not inherently more
    secure. That's a property of the application running.

    --
    Regards,

    Diez B. Roggisch
     
    Diez B. Roggisch, Jan 10, 2005
    #5
  6. On 2005-01-10, Diez B. Roggisch <> wrote:

    >> Usually you wouldn't run a public corba or pyro service over
    >> the internet. You'd use something like XMLRPC over HTTP port
    >> 80 partly for the precise purpose of not getting blocked by
    >> firewalls.

    >
    > What exactly makes sending bytes over port 80 more secure than
    > over any other port?


    Nothing.

    When has reality had anything to do with the way corporate IT
    types configure firewalls? ;)

    > It has always been my impression that this was to create less
    > administrative troubles for firewall admins.


    It's to give corporate IT types the _illusion_ of security and
    relieve them of the need to learn how to configure firewalls.

    > But it's not inherently more secure. That's a property of the
    > application running.


    --
    Grant Edwards grante Yow! HAIR TONICS, please!!
    at
    visi.com
     
    Grant Edwards, Jan 10, 2005
    #6
  7. Mark Carter

    Ville Vainio Guest

    >>>>> "Mark" == Mark Carter <> writes:

    Mark> Mark Carter wrote:
    >> Paul Rubin wrote:


    >>> Usually you wouldn't run a public corba or pyro service over
    >>> the internet. You'd use something like XMLRPC over HTTP port
    >>> 80 partly for the precise purpose of not getting blocked by
    >>> firewalls.


    Mark> I'm not sure if we're talking at cross-purposes here, but
    Mark> the application isn't intended for public consumption, but
    Mark> for fee-paying clients.

    Still, if the consumption happens over the internet there is almost
    100% chance of the communication being prevented by firewalls.

    This is exactly what "web services" are for.

    --
    Ville Vainio http://tinyurl.com/2prnb
     
    Ville Vainio, Jan 10, 2005
    #7
  8. Mark Carter

    Steve Holden Guest

    Mark Carter wrote:

    > Paul Rubin wrote:
    >
    >> Mark Carter <> writes:
    >>
    >>> Supposing I decide to write a server-side application using something
    >>> like corba or pyro.

    >
    >
    >> Usually you wouldn't run a public corba or pyro service over the
    >> internet. You'd use something like XMLRPC over HTTP port 80 partly
    >> for the precise purpose of not getting blocked by firewalls.

    >
    >
    > Although, when you think about it, it kinda defeats the purposes of
    > firewalls. Not that I'm criticising you personally, you understand.
    >

    Yet another brilliant Microsoft marketing concept: "Shit, these bloody
    firewalls are getting in the way of our new half-baked ideas for
    application architectures to replace all that funky not-invented-here
    open source stuff we can't charge money for. Let's design something that
    completely screws up existing firewall strategies, then we can charge
    people extra to firewall the new stuff after we've hooked them all on
    yet another inferior execution of existing ideas".

    >>> Also, is there a good tool for writing database UIs?

    >>
    >>
    >>
    >> Yes, quite a few.

    >
    >
    > Ah yes, but is there really? For example, I did a search of the TOC of
    > GTK+ Reference Manual:
    > http://developer.gnome.org/doc/API/2.0/gtk/index.html
    > for the word "data", and there's apparently no widget which is
    > explicitly tied to databases. So in GTK's case, for instance, it looks
    > like one has to roll one's own solution, rather than just using one out
    > of the box.


    There isn't, IMHO, anything with the polish of (say) Microsoft Access,
    or even Microsoft SQL Server's less brilliant interfaces. Some things
    Microsoft *can* do well, it's a shame they didn't just stick to the
    knitting.

    regards
    Steve
    --
    Steve Holden http://www.holdenweb.com/
    Python Web Programming http://pydish.holdenweb.com/
    Holden Web LLC +1 703 861 4237 +1 800 494 3119
     
    Steve Holden, Jan 11, 2005
    #8
  9. Mark Carter

    Steve Holden Guest

    Ville Vainio wrote:

    >>>>>>"Mark" == Mark Carter <> writes:

    >
    >
    > Mark> Mark Carter wrote:
    > >> Paul Rubin wrote:

    >
    > >>> Usually you wouldn't run a public corba or pyro service over
    > >>> the internet. You'd use something like XMLRPC over HTTP port
    > >>> 80 partly for the precise purpose of not getting blocked by
    > >>> firewalls.

    >
    > Mark> I'm not sure if we're talking at cross-purposes here, but
    > Mark> the application isn't intended for public consumption, but
    > Mark> for fee-paying clients.
    >
    > Still, if the consumption happens over the internet there is almost
    > 100% chance of the communication being prevented by firewalls.
    >
    > This is exactly what "web services" are for.
    >

    I teach the odd security class, and what you say is far from true. As
    long as the service is located behind a firewall which opens up the
    correct holes for it, it's most unlikely that corporate firewalls would
    disallow client connections to such a remote port.

    Web services are for offering services despite the fact that the
    corporate firewall managers are valiantly trying to stop unknown
    services from presenting to the outside world (and my immediately
    preceding post tells you what I think of that idea).

    The situation is analogous to connecting to web servers running on
    non-standard ports (8000 and 8080 are traditional favorites, but
    firewalls very rarely accord them any special treatment).

    Most firewall configurations allow fairly unrestricted outgoing
    connections, limiting rules to sanity checking of addresses to ensure
    nobody inside the firewall is address spoofing. Incoming connections are
    usually limited to specific combinations of port number and IP address
    known to be legitimate corporate services to the external world.
    Firewalling web services effectively is just an additional pain for the
    network manager.

    regards
    Steve
    --
    Steve Holden http://www.holdenweb.com/
    Python Web Programming http://pydish.holdenweb.com/
    Holden Web LLC +1 703 861 4237 +1 800 494 3119
     
    Steve Holden, Jan 11, 2005
    #9
  10. Mark Carter

    Paul Rubin Guest

    Mark Carter <> writes:
    > >>Also, is there a good tool for writing database UIs?

    > > Yes, quite a few.

    >
    > Ah yes, but is there really? For example, I did a search of the TOC of
    > GTK+ Reference Manual:


    Try looking on freshmeat or sourceforge instead.
     
    Paul Rubin, Jan 11, 2005
    #10
  11. Mark Carter

    Ed Leafe Guest

    On Jan 10, 2005, at 8:00 PM, Steve Holden wrote:

    >> Ah yes, but is there really? For example, I did a search of the TOC
    >> of GTK+ Reference Manual:
    >> http://developer.gnome.org/doc/API/2.0/gtk/index.html
    >> for the word "data", and there's apparently no widget which is
    >> explicitly tied to databases. So in GTK's case, for instance, it looks
    >> like one has to roll one's own solution, rather than just using one
    >> out of the box.

    >
    > There isn't, IMHO, anything with the polish of (say) Microsoft Access,
    > or even Microsoft SQL Server's less brilliant interfaces. Some things
    > Microsoft *can* do well, it's a shame they didn't just stick to the
    > knitting.


    <shameless plug>Though it's certainly not anywhere near the polish of
    Access, you should check out Dabo. It's designed from the ground up to
    be a database application framework, and is on its way to achieving
    that goal. Right now you still have to do all the UI stuff in code, but
    we're just starting to develop the visual UI Designer. Stay
    tuned!</shameless plug>

    ___/
    /
    __/
    /
    ____/
    Ed Leafe
    http://leafe.com/
    http://dabodev.com/
     
    Ed Leafe, Jan 11, 2005
    #11
  12. Mark Carter

    Aldo Cortesi Guest

    Thus spake Steve Holden ():

    > I teach the odd security class, and what you say is far
    > from true. As long as the service is located behind a
    > firewall which opens up the correct holes for it, it's
    > most unlikely that corporate firewalls would disallow
    > client connections to such a remote port.


    Don't be too sure about that - most of the well-run
    corporate networks I have been involved with block outbound
    traffic by default. It is certainly sound security policy to
    shunt outbound traffic through intermediary servers (e.g.
    SMTP) and proxies (e.g. HTTP and FTP) so that it can be
    logged, monitored, tracked, and controlled.

    This is the strategy I recommend to my clients - the only
    sensible one in a world of spyware, worms, insecure web
    browsers and corporate espionage...




    Cheers,


    Aldo



    --
    Aldo Cortesi

    http://www.nullcube.com
    Off: (02) 9283 1131
    Mob: 0419 492 863
     
    Aldo Cortesi, Jan 11, 2005
    #12
  13. Mark Carter

    Ville Vainio Guest

    >>>>> "Steve" == Steve Holden <> writes:

    >> >>> Usually you wouldn't run a public corba or pyro service over
    >> >>> the internet. You'd use something like XMLRPC over HTTP port
    >> >>> 80 partly for the precise purpose of not getting blocked by
    >> >>> firewalls.


    Mark> I'm not sure if we're talking at cross-purposes here, but
    Mark> the application isn't intended for public consumption, but
    Mark> for fee-paying clients.

    >> Still, if the consumption happens over the internet there is almost
    >> 100% chance of the communication being prevented by firewalls.
    >> This is exactly what "web services" are for.


    Steve> I teach the odd security class, and what you say is far
    Steve> from true. As long as the service is located behind a
    Steve> firewall which opens up the correct holes for it, it's most
    Steve> unlikely that corporate firewalls would disallow client
    Steve> connections to such a remote port.

    Yes, but "clients" might also act as servers, e.g. when they register
    a callback object and expect the "server" to invoke something later
    on. This is possible (and typical) with CORBA at least. ORBs can use
    the same client-initiated connection for all the traffic, but this is
    probably somewhere in the gray area.

    --
    Ville Vainio http://tinyurl.com/2prnb
     
    Ville Vainio, Jan 11, 2005
    #13
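
Added example, not part of any post in this thread: the callback problem raised in post #13 goes away if the client polls over XML-RPC on HTTP, so every connection is opened by the client and none needs an inbound firewall hole on the client side. `EventService`, its method names and the client id are hypothetical; the port number adds no security by itself, so a real service would still authenticate callers in the application.

```python
import threading
from collections import deque
from xmlrpc.client import ServerProxy
from xmlrpc.server import SimpleXMLRPCServer

class EventService:
    """Hypothetical service: queues events per client instead of calling back."""
    def __init__(self):
        self._lock = threading.Lock()
        self._queues = {}  # client_id -> deque of pending event strings

    def subscribe(self, client_id):
        # Stands in for "register a callback object": the server only records interest.
        with self._lock:
            self._queues.setdefault(client_id, deque())
        return True

    def publish(self, message):
        # Fan the event out to every subscriber's queue; returns the subscriber count.
        with self._lock:
            for pending in self._queues.values():
                pending.append(message)
            return len(self._queues)

    def poll(self, client_id):
        # The client collects pending events over a connection it opened itself.
        with self._lock:
            pending = self._queues.get(client_id, deque())
            events = list(pending)
            pending.clear()
        return events

def start_server(host="127.0.0.1", port=0):
    # Port 0 picks a free loopback port for this demo (an assumption of the example).
    server = SimpleXMLRPCServer((host, port), logRequests=False)
    # register_instance exposes public methods only; names starting with "_" are refused.
    server.register_instance(EventService())
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    server = start_server()
    client = ServerProxy(f"http://127.0.0.1:{server.server_address[1]}/")
    client.subscribe("client-a")   # constructed client id
    client.publish("price update")  # constructed event
    first, second = client.poll("client-a"), client.poll("client-a")
    server.shutdown()
    server.server_close()
    return first, second
```

Calling `demo()` returns the events from two successive polls: the queued event first, then an empty list.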
  14. Mark Carter

    Mark Carter Guest

    Ed Leafe wrote:
    > On Jan 10, 2005, at 8:00 PM, Steve Holden wrote:


    >>
    >> There isn't, IMHO, anything with the polish of (say) Microsoft Access,
    >> or even Microsoft SQL Server's less brilliant interfaces. Some things
    >> Microsoft *can* do well, it's a shame they didn't just stick to the
    >> knitting.

    >
    >
    > <shameless plug>Though it's certainly not anywhere near the polish
    > of Access, you should check out Dabo.


    Thanks. I'll look into it.
     
    Mark Carter, Jan 11, 2005
    #14