[Python-modules-commits] [parallelpython] 02/09: This patch removes the default password from pp code, requiring users to
Sandro Tosi
morph at moszumanska.debian.org
Mon Apr 25 18:41:40 UTC 2016
This is an automated email from the git hooks/post-receive script.
morph pushed a commit to branch master
in repository parallelpython.
commit b20bbe5917008a5588f6109b66a6becaf090c3d9
Author: Sandro Tosi <morph at debian.org>
Date: Thu Oct 8 10:06:03 2015 -0700
This patch removes the default password from pp code, requiring users to
explicitly write one; it updates the documentation along the source code
Patch-Name: 10_remove_default_password.patch
---
doc/ppdoc.html | 12 +++++-------
pp.py | 8 +++-----
2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/doc/ppdoc.html b/doc/ppdoc.html
index c210f70..8ecfb8f 100644
--- a/doc/ppdoc.html
+++ b/doc/ppdoc.html
@@ -158,13 +158,11 @@ to the number of processors in the system
and list of ppservers to connect with :</p><p><strong> job_server = pp.Server(</strong><strong>ppservers=</strong><strong>ppservers</strong><strong>) </strong></p><p>5) Submit all the tasks for parallel execution:</p><p><strong> f1 = job_server.submit(func1, args1, depfuncs1, modules1)</strong></p><p><strong> f2 = job_server.submit(func1, args2, depfuncs1, modules1) </strong></p><p><strong> f3 = job_server.subm [...]
Start pp execution server with the number of workers set
to the number of processors in the system,
- <br>list of ppservers to connect with and secret key to authorize the connection:</p><p><strong> job_server = pp.Server(</strong><strong>ppservers=</strong><strong>ppservers</strong><strong>, secret="</strong><strong>mysecret</strong><strong>") </strong></p><p>5) Submit all the tasks for parallel execution:</p><p><strong> f1 = job_server.submit(func1, args1, depfuncs1, modules1)</strong></p><p><strong> f2 = job_server.submit(fun [...]
- to the security concerns it is highly recommended to run ppserver.py
-with an non-trivial secret key (-s command line argument) which should
-be paired with the matching <em>secret</em> keyword of PP Server class constructor. Since PP 1.5.3 it is possible to set secret key by assigning <strong>pp_secret</strong> variable in the configuration file <strong>.pythonrc.py</strong>
- which should be located in the user home directory (please make this
-file readable and writable only by user). The key set in .pythonrc.py
-could be overridden by command line argument (for ppserver.py) and <em>secret</em> keyword (for PP Server class constructor). </p><p> </p><hr><h1 id="COMMANDLINE"> ppserver.py stats and PID file example<br></h1><p>To print job execution statistics for ppserver.py send a SIGUSR1 signal to its main process.<br>For instance on UNIX platform following commands will start a server and print its stats:<br><strong>ppserver.py -P /tmp/ppserver.pid </strong></p><p><strong>kill -s [...]
+ <br>list of ppservers to connect with and secret key to authorize the connection:</p><p><strong> job_server = pp.Server(</strong><strong>ppservers=</strong><strong>ppservers</strong><strong>, secret="</strong><strong>mysecret</strong><strong>") </strong></p><p>5) Submit all the tasks for parallel execution:</p><p><strong> f1 = job_server.submit(func1, args1, depfuncs1, modules1)</strong></p><p><strong> f2 = job_server.submit(fun [...]
+
+<a name="SECURITY" title="SECURITY"></a></h1><p> Due to the security concerns, in Debian we decided to disable default password authentication, and require to run <strong>ppserver</strong> with a non-trivial secret key (<strong>-s</strong> command line argument) which should be paired with the matching <em>secret</em> keyword of PP Server class constructor. An alternative way to set a secret key is by assigning <strong>pp_secret</strong> variable in the configuration file <strong>.py [...]
+
+<p> </p><hr><h1 id="COMMANDLINE"> ppserver.py stats and PID file example<br></h1><p>To print job execution statistics for ppserver.py send a SIGUSR1 signal to its main process.<br>For instance on UNIX platform following commands will start a server and print its stats:<br><strong>ppserver.py -P /tmp/ppserver.pid </strong></p><p><strong>kill -s SIGUSR1 `cat /tmp/ppserver.pid`</strong><br></p>
</td>
</tr>
diff --git a/pp.py b/pp.py
index 936c68d..e3f4023 100644
--- a/pp.py
+++ b/pp.py
@@ -275,7 +275,6 @@ class Server(object):
"""
default_port = 60000
- default_secret = "epo20pdosl;dksldkmm"
def __init__(self, ncpus="autodetect", ppservers=(), secret=None,
restart=False, proto=2, socket_timeout=3600):
@@ -286,9 +285,8 @@ class Server(object):
the number of processors in the system
ppservers - list of active parallel python execution servers
to connect with
- secret - passphrase for network connections, if omitted a default
- passphrase will be used. It's highly recommended to use a
- custom passphrase for all network connections.
+ secret - passphrase for network connections; it can be set via
+ command-line or configuration file
restart - whether to restart worker process after each task completion
proto - protocol number for pickle module
socket_timeout - socket timeout in seconds which is also the maximum
@@ -371,7 +369,7 @@ class Server(object):
raise TypeError("secret must be of a string type")
self.secret = str(secret)
else:
- self.secret = Server.default_secret
+ raise ValueError("secret must be set using command-line option or configuration file")
self.__connect()
self.__creation_time = time.time()
self.logger.info("pp local server started with %d workers"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/parallelpython.git
More information about the Python-modules-commits
mailing list