thrift-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Garrett>
Subject Re: Python server over HTTP, HTTPS -- How?
Date Fri, 03 Apr 2009 03:26:06 GMT
----- "Brian Hammond" <> wrote:
> What I'm curious about is how I can do all of the following:
> 1) use SSL to encrypt user credentials
> 2) write my service implementation in python
> I guess there's a few options for python but none completely solve  
> both of these requirements.
> 1) use the Twisted python generator and run a daemon with twistd
> 2) deploy to nginx/apache with mod_wsgi and somehow hook-in support  
> for decoding HTTP / HTTPS requests as Thrift RPCs.

Unless you need an asynchronous server side framework for high
concurrency and low memory footprint, I would stay clear of Twisted.
I think a standard threaded wsgi server would work fine.

If you're inclined to use a mod_wsgi, I recommend Graham Dumpleton's
outstanding wsgi implementation for Apache. The Nginx wsgi interface
is good as well, but beware if your app needs to block -- you'll be
serializing your requests.

Both options would let you run SSL as well as handle basic or digest

As far as tying in Thrift, I haven't done this myself and
unfortunately can't offer much. Hopefully there are others here who
can. As you've already suggested, taking a look at the RPC layer and
seeing how you can tie it into the backend from wsgi is a start.

IMO, the lack of a security story for Thrift is a weakness. I'm not
sure what discussions there have been to address this. I started to
implement SSL support for Java and Python, but found I had to modify
a fair amount of Thrift code and ended up punting by using stunnel to
setup a secure connection between client and server. You might find
this the path of least resistance as well, in particular if you can add
the authentication layer to your Thrift IDL.

As one other approach, you can use a symmetric key to sign a request
and send the signature in the clear with the rest of your thrift data.
As long as you keep the signing key secret, this would let you validate
the origin and integrity of the request. If there's anything sensitive 
in the request itself, though, this is no good.

Alas, message signing is another application layer measure -- it would
be sweet to see auth work its way into the Thrift spec.

Good luck!


View raw message