Safe Remote Blogging with PyDS
New tutorial: Enabling remote blogging securely in PyDS, using authentication and an HTTPS reverse proxy.
Useful if you want to, for example, put PyDS on the Internet to blog from anywhere!
Great article! I will link it from the pyds homepage. Oh, one note: medusa (the web server used in PyDS) does support https - only problem is, you need some encryption support for Python. If you have the relevant libraries, it should be possible to directly use https in medusa. Then one could set up an additional https server port in PyDS. I didn't include it in the source, because this would add a dependency on the encryption stuff and that would complicate the compile process. Though I think I might add it in a way that it is used conditionally - use SSL if the relevant libs are available, don't use it otherwise.
Glad you liked it :-)
One thing I can't figure out: how can I make PyDS not trust ANY addresses? Right now, if your box has accounts for other users, they can do anything they want.
There isn't a way to not trust any addresses. But if your SSL reverse proxy is running on the same machine as your PyDS, you can just set remoteip to 127.0.0.1 and remoteport to something different from 4334. This would allow the SSL reverse proxy to still access the PyDS (and allow all local users to access PyDS directly, but they already can by accessing the standard interface) but would prevent outside access.
If your PyDS and your SSL reverse proxy run on different hosts, you should use the system's firewalling to restrict access to the PyDS port to only the proxy machine.