Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
WebRTC Peer to Server instead of Peer To Peer
I want to build a WebRTC Video and Voice Calling App.
However, I do not want a user to be able to connect directly to another user, as this brings unwanted security risks. So I think it makes more sense to implement the whole thing in such a way that all users (2 in this case) connect to a server, which then distributes the data and the users do not distribute it among themselves, so that, for example, the IP is publicly visible.
I don't want that:
So even I think this is the normal way you could do it I don't want to, because, how I said there are a lot of security risks that this kind of connection brings with it.
I want that:
I've heard that Discord, for example, does exactly what I show in the graphic (at least similarly). Can this be implemented? And if so, how? By the way, I used Python Django in the backend. I was wondering whether this could also be done with Python Django Channels. So is there an implementation in Django Channels that I can set up a WebRTC server? Many thanks in advance
You need to use a TURN relay server and set the RTCIceTransportPolicy to relay when creating the RTCPeerConnection in the browser. That will result in the media path matching your bottom diagram.
ALL public peer-to-peer communications use a server in the middle. Virtually every end-user computer in the world today sits behind a firewall and cannot be directly addressed from outside their network.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
We have legacy .exe solution running on industrial client's desktops that I need to port over to Google App Engine. All clients will have the same version of the app, no code customization. We need to be sure that data will not be leaked between different clients of the new GAE app or be snooped on by some external party.
So I have a couple of questions that I hope someone will be able to help me out.
Option 1: Use namespaces to separate client's data. This seems quite robust at the Datastore level; without the proper namespace data would not be served. Since we have the company name of each user, I would presume this would be quite secure against leaks.
Q1: Which precautions do I need to take to avoid someone guessing or hacking at URLs to get to unauthorized data?
Option 2: We could have a separate instance of the code and datastore for each client. This would give the optimal separation between clients.
Q2: Is there a tool or API to "clone" a given GAE app to many clients? We would feed the list of clients and update the code to all those instances in one go.
Thanks!
Which precautions do I need to take to avoid someone guessing or hacking at URLs to get to unauthorized data?
Namespaces are not a security mechanism for Datastore. A user with access to one partition in a project has access to all partitions in the project. Namespaces provide a way to organize your entities within a project.
Is there a tool or API to "clone" a given GAE app to many clients? We would feed the list of clients and update the code to all those instances in one go.
To have completely isolated instances of services, you can create new projects programmatically using the Cloud Resource Manager API and access resources across projects.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 days ago.
Improve this question
How to transfer session to another compute node with python in the following case?
case 1: If using kubernete,
case 2: Or using autoscale,
case 3: if using Amazon,
How to transfer session to another compute node with python?
So that program can run forever
Nope, none of those things can transfer a process with all of its in-memory and on-disk state across hosts.
If you’re looking at Kubernetes already, I’d encourage you to design your application so that it doesn’t have any local state. Everything it knows about lives in a database that’s maintained separately (if you’re into AWS, it could be an RDS hosted database or something else). Then you can easily run multiple copies of it (maybe multiple replicas in a Kubernetes ReplicaSet or Deployment) and easily kill one off to restart it somewhere else.
One of the high-end virtualization solutions might be able to do what you’re asking, but keeping a program running forever forever is pretty hard, particularly in a scripting language like Python. (How do you update the program? How do you update the underlying OS, when it needs to reboot to take a kernel update?)
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I know this is technically a duplicate question, but I believe it is valid since the original question was submitted 7 years ago and Python/web security has come a long way since then.
I would like to build a web app that allows users to input python code (through the Ace editor package) and then execute it in the browser using a python interpreter on the server. I cannot use pypy.js because I need to use numpy, pandas, and matplotlib. Essentially I would like to make my own Codecademy (I am a teacher and would like to create Codecademy-like courses for my students). Sadly the create-a-course thing Codecademy mentioned at one point has come to nothing.
I'm using Flask, but I could learn Django if that would be easier.
What is the best way to allow my users to run the python code without allowing them to affect the rest of the program or access files outside of what they're allowed to?
There were no fundamental changes in Python or web security the last 7 years. It is still suicidal to allow users to run code on your server.
However, what did change is the availability of lightweight VM solutions like docker.
For an example how this could work have a look at https://civisanalytics.com/blog/engineering/2014/08/14/Using-Docker-to-Run-Python/ . I will not reference this solution here as you will found other examples, even if this one goes away.
However, this might be more safe then running user code direct on your server, BUT
the user code is still running on your server. It might be not possible to escape the docker image, but a malicious user could still upload for eg. a denial of service tool and start an attack from your server. Or sniff your network traffic or whatever.
there are or at least might be ways to break out of the docker image.
For a controlled environment like a classroom those risks might be acceptable, but for a public server you would need a lot of security know how to further lock down the server and the docker image and filter available python functionality.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I am trying to create a utility using Python (3) that, among other things, needs to look at and manage socket usage ON WINDOWS (no, I really don't care if it works on other OS's).
Looking at socket usage: To be clear, I don't want to create a socket or bind to an existing one, I want to be able to get a full list of what sockets are open and what programs have opened them. If you're not sure about what I mean, take a look at TCPView, which does exactly what I'm talking about.
Managing socket usage: Basically, I want to be able to stop programs from connecting from the internet, if necessary. I would assume that the easiest way to do this is to use os.system() to add a new rule to the Windows Firewall, but as that doesn't seem too elegant I'm open to suggestions.
As that's obviously not all the utility will do, I would prefer a library/module of some sort over a 3rd-party program.
You can launch the command "netstat -nabo" to get the list of all active connections & parse the output to get the source, destination, process name & ID. There is no straight forward method to get the active connections in python. You can also get the same information from python invoking iphlpapi. To block or allow a connection windows has command line to add/remove rule from windows firewall.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I need to make a chess multi-player game that works over the internet. I am a beginner to programming and networking alike, although I have managed the GUI based chess platform.
Now I need to overcome the challenge of configuring the game over the internet.
In order to do that, I would like to use a third party application or software (anything but socket programming) to make the python programs running on two machines talk to each other. What I am hoping to do is, that whenever someone makes a move, I want to send a string/list of the updated coordinates of his/her chess pieces over the internet to the second player, so that he can see what move has been made. Can anyone please tell where to start from or what to read regarding the same? Is the idea of sending the updated string/ list of coordinates feasable using an open source chat utility like telepathy?
You'd want to use the socket module. Example programs. It really isn't so difficult to use socket, basically the server end has to bind(), listen(), then accept() and the client has to simply connect(). From there recv() and sendall() can be used to receive and send data respectively. If you really don't want to use socket, then you could use a chat protocol like IRC or XMPP.
A chat/IM solution seems like a fine idea.
For chat/IM, you could use Jabber/XMPP. You would either need to set up your own server or find someone hosting one for the public. Setting up a Jabber server is fairly easy, you can use OpenFire for example. For connecting to Jabber, you could use python xmpp libraries to send and receive the messages. This might be the simplest approach because the Jabber libraries tend to be very easy to use. (I've done it in Java and .NET, not python, though).
Another approach would be to use something like twitter messaging. See Python Twitter library: which one? for a recommendation for a library which supports direct messaging (which is what you need). The advantage of this, is that once you learn the twitter API, you don't need your own server.
This is a broad, opinionated question but my go-to network communication protocol in Python is Twisted's Perspective Broker. It's event driven, kind of complicated to setup and requires control of the program's event loop but it works great. It allows for two-way communication between the client and server, and has the convenience of remote objects.