Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

Re: Good IPC Message Protocols?

by papidave (Pilgrim)
on Jan 30, 2009 at 13:17 UTC ( #740160=note: print w/replies, xml ) Need Help??

in reply to Good IPC Message Protocols?

One needs to consider relative risk when deciding what to remediate first. For a client-server app, I see four possible considerations:

  1. The client gets hacked
  2. Someone listens on your network
  3. Someone hacks the storage on your server
  4. Someone hacks the server app itself

Risk 1 is minimized through strong authentication methods, and minimizing the amount of data that the client actually receives.

Risk 2 is minimized by encrypting traffic between systems; see Crypt-SSLeay

Risk 3 is minimized by encrypting the data store. I'm not enough of an expert to suggest a specific solution.

Risk 4 might be minimized by using a compiled language, and including code that checksums the binary when it first runs.

Personally, I think that the risk of 4 is so low, that everyone but government spy agencies can probably ignore it -- and they should be using a secure operating system that does that kind of thing automatically. For us mortals, risk #2 is the highest; if you are legitimately scared enough that you need to do more than #1 and #2, you probably shouldn't be using uncompiled Perl because of the risk that someone would read the source code and be able to reverse-engineer your data.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://740160]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (3)
As of 2022-09-30 22:50 GMT
Find Nodes?
    Voting Booth?
    I prefer my indexes to start at:

    Results (126 votes). Check out past polls.