适用于具有或不具有XMLRPC的多个客户端的Python Server
[英]Python Server for multiple clients with or without XMLRPC
问题描述
I made a set of XMLRPC client-server programs in python and set up a little method for authenticating my clients. 
我用python创建了一组XMLRPC客户端-服务器程序,并设置了一些用于验证客户端身份的方法。 However, after coding pretty much the whole thing, I realized that once a client was authenticated, the flag I had set for it was global in my class ie as long as one client is authenticated, all clients are authenticated. 但是,在完成全部编码之后,我意识到,一旦对客户端进行身份验证,我为其设置的标志就是我的类中的全局标志,即,只要对一个客户端进行身份验证,所有客户端都将被身份验证。 I don't know why, but I was under the impression that whenever SimpleXMLRPCServer was connected to by a client, it would create a new set of variables in my program. 我不知道为什么,但是我的印象是,每当客户端连接SimpleXMLRPCServer时,它将在程序中创建一组新的变量。
Basically the way it's set up now is 基本上,现在的设置方式是
class someclass:
authenticate(self, username, pass):
#do something here
if(check_for_authentication(username, pass))
self.authenticated=True
other_action(self, vars):
if authenticated:
#do whatever
else:
return "Not authorized."
server=SimpleXMLRPCServer.SimpleXMLRPCServer("0.0.0.0", 8000)
server.register_instance(someclass())
server.serve_forever()
I need either a way to hack this into what I am looking for (ie the authenticated flag needs to be set for each client that connects), or another protocol that can do this more easily. 我需要一种方法将其破解为我要寻找的内容(即,需要为每个连接的客户端设置身份验证标志),或者需要另一种协议可以更轻松地完成此操作。 After some searching I have been looking at twisted, but since this is already written, I'd rather modify it than have to rewrite it. 经过一番搜索之后,我一直在寻找扭曲的东西,但是既然已经写好了,我宁愿对其进行修改,而不必重写它。 I know for now I could just always get the username and password from the client, but in the intrest of resources (having to authenticate on every request) and saving bandwidth (which some of my clients have in very limited quantities), I'd rather not do that. 我知道,现在我总是可以从客户端获取用户名和密码,但是在大量资源(必须对每个请求进行身份验证)和节省带宽(某些客户端数量非常有限)的情况下,而不是那样做。
Also, this is my first time trying to secure something like this(and I am not trained in internet security), so if I am overlooking some glaring error in my logic, please tell me. 另外,这是我第一次尝试保护类似的东西(并且我没有接受过互联网安全方面的培训),因此,如果我在逻辑中忽略了一些明显的错误,请告诉我。 Basically, I can't have someone sending me fake variables in "other_actions" 基本上,我不能让别人在“ other_actions”中向我发送假变量
2 个解决方案
解决方案1
0 已采纳 2011-08-08 06:38:32
Something like this would work: 这样的事情会起作用:
class SomeClass(object):
authenticated = {}
def authenticate(self, username, password):
#do something here
if authenticate(username, password):
# make unique token can probably be just a hash
# of the millisecond time and the username
self.authenticated[make_unique_token(username)] = True
def other_action(self, vars):
# This will return True if the user is authenticated
# and None otherwise, which evaluates to False
if authenticated.get(vars.get('authentication-token')):
#do whatever
pass
else:
return "Not authorized."
server=SimpleXMLRPCServer.SimpleXMLRPCServer("0.0.0.0", 8000)
server.register_instance(someclass())
server.serve_forever()
You just need to pass them an authentication token once they've logged in. 他们登录后,只需向他们传递身份验证令牌即可。
I assume you know you can't actually use pass as a variable name. 我假设您知道您实际上不能使用pass作为变量名。 Please remember to accept answers to you questions (I noticed you haven't for your last several). 请记住要接受对您问题的回答(我注意到您最近几次都没有)。
解决方案2
0 2011-08-08 06:42:32
You have to decide. 你必须决定。 If you really want to use one instance for all clients, you have to store the "authenticated" state somewhere else. 如果您确实要为所有客户端使用一个实例,则必须将“已认证”状态存储在其他位置。 I am not familiar with SimpleXMLRPCServer(), but if you could get the conection object somewhere, or at least its source address, you could establish a set() where all authenticated clients/connections/whatever are registered. 我对SimpleXMLRPCServer()并不熟悉,但是如果您可以在某个地方(至少是它的源地址)获得连接对象,则可以建立一个set(),在其中注册所有经过身份验证的客户端/连接/所有对象。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.