Foundations of Python Network Programming 978-1-4302-3004-5
CHAPTER 6 ■ TLS AND SSL
If you do ever want to exercise some application-level IP access control in a particular program,
simply examine the IP address returned by the accept() method on the socket with which your
application is listening:

    sc, sockname = s.accept()
    if not sockname[0].startswith('192.168.'):
        raise RuntimeError('connectors are not allowed from another network')

If you are interested in imposing the very specific restriction that only machines on your local
subnet can connect to a particular service, but not machines whose packets are brought in through
gateways, you might consider the SO_DONTROUTE option described in Chapter 2. But this restriction, like
all rules based only on IP address, implies a very strong trust of the network hardware surrounding your
machine—and therefore falls far short of the kind of assurance provided by TLS.
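The accept()-time check above, as an added example that is not the book's own code: the address test is moved into a function and uses the standard-library ipaddress module instead of a string prefix, so that a dual-stack listener's IPv4-mapped IPv6 peer addresses (such as '::ffff:192.168.1.5') are unwrapped rather than silently rejected, and a malformed address fails closed. The ALLOWED_NETWORKS values, the serve_one() and demo() helper names and the one-line "welcome"/"refused" reply are assumptions made for this example; demo() exercises the check over loopback so it can run without real remote peers. None of this changes the caveat in the text: the peer address is only as trustworthy as the network hardware that delivered the packet.

```python
import ipaddress
import socket
import threading

# Source networks from which connections are accepted. Constructed example
# values; the book's snippet tests only the string prefix '192.168.'.
ALLOWED_NETWORKS = ['192.168.0.0/16', '127.0.0.0/8']


def is_allowed(peer_ip, allowed=ALLOWED_NETWORKS):
    """Return True if peer_ip lies inside one of the allowed networks.

    A dual-stack (AF_INET6) listener reports IPv4 peers as IPv4-mapped IPv6
    addresses such as '::ffff:192.168.1.5'.  A prefix test on the raw string
    would reject those, so they are unwrapped before the comparison.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # malformed address: fail closed
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in ipaddress.ip_network(net) for net in allowed)


def serve_one(listener, allowed=ALLOWED_NETWORKS):
    """Accept one connection, apply the address check and report the verdict.

    Returns a (verdict, peer_ip) tuple.  A rejected peer gets a one-line
    reply and is closed at once (the book's snippet raises instead).
    """
    sc, sockname = listener.accept()
    try:
        if not is_allowed(sockname[0], allowed):
            sc.sendall(b'refused\n')
            return 'refused', sockname[0]
        sc.sendall(b'welcome\n')
        return 'accepted', sockname[0]
    finally:
        sc.close()


def demo(allowed):
    """Bind on loopback, connect from a thread and return the exchange.

    Hypothetical helper for exercising the check locally; returns
    (verdict, peer_ip, reply_bytes) as seen by the server and client.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(('127.0.0.1', 0))  # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    reply = []

    def client():
        with socket.create_connection(('127.0.0.1', port)) as c:
            reply.append(c.recv(64))

    t = threading.Thread(target=client)
    t.start()
    verdict, peer_ip = serve_one(listener, allowed)
    t.join()
    listener.close()
    return verdict, peer_ip, reply[0]


if __name__ == '__main__':
    # The loopback client is refused when only 192.168/16 is allowed and
    # accepted once 127/8 is on the list.
    print(demo(['192.168.0.0/16']))
    print(demo(['192.168.0.0/16', '127.0.0.0/8']))
```

Checking membership with ipaddress.ip_network rather than a string prefix also avoids the classic off-by-a-digit mistake of a prefix such as '192.168.1' matching 192.168.10.x and 192.168.100.x as well as 192.168.1.x.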
Finally, I note that the Ubuntu folks—who use Python in a number of their system and desktop
services—maintain their own package for accessing libwrap0, a shared-library version of Wietse's old
code, based on a Python package that was released on SourceForge in 2004. It allows them to do things
like the following:

    >>> from pytcpwrap.tcpwrap import TCPWrap
    >>> TCPWrap('foo', None, '130.207.244.244').Allow()
    False

But since this routine can be rather slow (it always does a reverse DNS lookup on the IP address),
the Python code uses tabs and old-fashioned classes, and it has never been released on PyPI, I
recommend against its use.
Cleartext on the Network
There are several security problems that TLS is designed to solve. They are best understood by
considering the dangers of sending your network data as "cleartext" over a plain old socket, which copies
your data byte-for-byte into the packets that get sent over the network.

Imagine that you run a typical web service consisting of front-end machines that serve HTML to
customers and a back-end database that powers your service, and that all communication over your
network is cleartext. What attacks are possible?

First, consider an adversary who can observe your packets as they travel across the network. This
activity is called "network sniffing," and is quite legitimate when performed by network administrators
trying to fix problems on their own hardware. The traditional program tcpdump and the more sleek and
modern wireshark are both good tools if you want to try observing some network packets yourself.

Perhaps the adversary is sitting in a coffee shop, and he has a wireless card that is collecting your
traffic as you debug one of the servers, and he keeps it for later analysis. Or maybe he has offered a bribe
to a machine-room operator (or has gotten himself hired as a new operator!) and has attached a passive
monitor to one of your network cables where it passes under the floor. But through whatever means, he
can now observe, capture, and analyze your data at his leisure. What are the consequences?

• Obviously, he can see all of the data that passes over that segment of the network. The fraction
  of your data that he can capture depends on how much of it passes over that particular link. If he
  is watching conversations between your web front end and the database behind it, and only 1% of
  your customers log in every day to check their balances, then it will take him weeks to
  reconstruct a large fraction of your entire database. If, on the other hand, he can see the network
  segment that carries each night's disk backup to your mass storage unit, then in just a few hours
  he will learn the entire contents of your database.
90