June 30th, 2004, 08:57 PM
Socket Security Issues
I'm pretty new to Python but I've written a little script that uses a socket object to connect to another computer and send a few strings. This works in conjunction with a MEL script I wrote. This requires Maya to open a commandPort to interface with the Python script.
The question I have is: are there any security issues to beware of when using sockets and opening ports. What is the scope of this socket? Does it work over the Internet or just a LAN? (it's difficult to test when you only have access to two computers) Any general programming tips would be appreciated as well.
the Python code follows if it makes any difference.
Thanks for any advice.
def MCT_sender(text, host, port):
remoteHostIP = socket.gethostbyname(host)
localHost = socket.gethostname()
maya = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
isMCTopen = "if (!`window -exists MCTWin`) \n\t MCT(\"" + localHost + "\"\n);"
maya.send("$newLine = \"" + localHost + ": " + text + "\\n\";")
maya.send("scrollField -e -ip 0 -it $newLine historyGrp;\n")
if __name__ == '__main__':
text = os.path.split(sys.argv)
host = os.path.split(sys.argv)
port = int(os.path.split(sys.argv))
hey james, good to see another maya dude in here! i'm learning python at the mo too.
in regards to security, i'm not expert, but opening a port in maya is a big security hole. i believe if your machine is connected to the net, then it will be remotely accessible too (i'd be happy to help u test that if u want). considering u pretty much have access to a command line through maya, its a bit scary.
having said that, anyone wanting to take advantage of that would have to have a working knowledge of mel to exploit the open port tho. and i can't imagine many "crackers" out there would know maya all that well.
July 10th, 2004, 12:03 PM
From the description it sounds like your PCs operate on a LAN.
If your PC with the open socket operates on a private LAN and is not the gateway to the INTERNET then it is unlikely anyone from the INTERNET will be able to access it. All PCs on the LAN have private addresses and it is only the public address of the gateway that is known/visible on the INTERNET.
It is not a problem for PCs on a LAN to access the INTERNET because they are the ones making the request and the gateway knows what to do. In this case the gateway handles the translation between private and public addresses.
Requests for connections from the INTERNET to your private LAN will not happen unless your gateway/firewall knows where to send the requests when they happen.
If the firewall is properly configured the only way to make your machine visible to the public would be for the firewall to open up the specific port and steer any requests on that port directly to the local LAN IP address of your PC.
If you need (secure) access to a private network from the INTERNET then VPN/SSH type technology is what you need which adds a layer of encryption and authentication into the mix.