Ir al contenido principal

Ralsina.Me — El sitio web de Roberto Alsina

Safe Remote Blogging with PyDS

New tu­to­ri­al: En­abling re­mote blog­ging se­cure­ly in PyD­S, us­ing au­then­ti­ca­tion and a HTTPS re­verse prox­y.

Use­ful if you want to, for ex­am­ple, put PyDS on the In­ter­net to blog from any­where!

Georg Bauer / 2006-04-03 04:58:

Great article! I will link it from the pyds homepage. Oh, one note: medusa (the web server used in PyDS) does support https - only problem is, you need some encryption support for Python. If you have the relevant libraries, it should be possible to directly use https in medusa. Then one could set up an additional https server port in PyDS. I didn't include it in the source, because this would add a dependency on the encryption stuff and that would complicate the compile process. Though I think I might add it in a way that it is used conditionally - use SSL if the relevant libs are available, don't use it otherwise.

Roberto Alsina / 2006-04-03 04:59:

Glad you liked it :-)



One thing I can't figure out: how can I make PyDS not trust ANY addresses? Right now, if your box has accounts for other users, they can do anything they want.

Georg Bauer / 2006-04-03 05:00:

There isn't a way to don't trust any addresses. But if your SSL reverse proxy is running at the same machine than your PyDS, you just can set remoteip to 127.0.0.1 and remoteport to something different from 4334. This would allow the SSL reverse proxy to still access the PyDS (and allow all local users to access PyDS directly, but they can already by accessing the standard interface) but would prevent outside access.



If your PyDS and your SSL reverse proxy run on different hosts, you should use the systems firewalling to restrict access to the PyDS port to only the proxy machine.


Contents © 2000-2024 Roberto Alsina