Browse thread
Safe marshall?
[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
| Date: | -- (:) |
| From: | Gerd Stolpmann <info@g...> |
| Subject: | Re: [Caml-list] Safe marshall? |
Gerd Stolpmann said: > > Oliver Bandel said: >> On Thu, Feb 17, 2005 at 03:14:30PM -0800, Eric Stokes wrote: >>> I have to agree with Gerd, if at all possible use a protocol compiler >>> such as XDR, or ASN.1, even signing might not be secure if your >> >> Yes, XDR seems to be a good idea. >> >> >>> attacker can get ahold of the keys you are using. I can attest to the >>> robustness of Gerd's XDR implementation, I have used it in several >>> projects. >> >> Well.. is there already an XDR-binding for OCaml? > > Yes, as already pointed out, it is part of my SunRPC implementation: > http://ocaml-programming.de/programming/rpc.html. It is not a binding, > however, but a pure O'Caml implementation. > > It is quite easy and obvious how to use the XDR part alone without the > rest of RPC. For example, to define a record with an integer > and a string of maximum 20 characters: > > open Xdr > open Rtypes > let my_type_term X_struct [ "my_int", X_int; Oops, obviously somebody has stolen my "=". It is of course let my_type_term = X_struct (etc.). > "my_string", (X_string (uint4_of_int 20)) ] > let my_type = validate_xdt_type_term my_type_term > > Now, to encode a value: > > let my_val XV_struct [ "my_int", (XV_int (int4_of_int 42)); > "my_string", (XV_string "Sample") ] > let my_val_as_wire_string pack_xdr_value_as_string my_val my_type [] > > my_val_as_wire_string can now be sent over the network. For > decoding, use: > > let my_val_again unpack_xdr_value my_val_as_wire_string my_type [] > > If the string is illegal (e.g. my_string is longer than > 20 characters), exceptions will be thrown. > > One can also use ocamlrpcgen to generate parts of the above > code, including automatic conversion between XDR and the > corresponding O'Caml types (e.g. an XDR struct is converted > to an O'Caml record type). For complex protocols, the overhead > of learning ocamlrpcgen is worth the effort. > > One should also consider using RPC directly rather than to invent > a new networking layer. > > Gerd > >> Where to find it?! >> >> Ciao, >> Oliver >> >> _______________________________________________ >> Caml-list mailing list. Subscription management: >> http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list >> Archives: http://caml.inria.fr >> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners >> Bug reports: http://caml.inria.fr/bin/caml-bugs > > > ------------------------------------------------------------ > Gerd Stolpmann * Viktoriastr. 45 * 64293 Darmstadt * Germany > gerd@gerd-stolpmann.de http://www.gerd-stolpmann.de > ------------------------------------------------------------ > > > > _______________________________________________ > Caml-list mailing list. Subscription management: > http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list > Archives: http://caml.inria.fr > Beginner's list: http://groups.yahoo.com/group/ocaml_beginners > Bug reports: http://caml.inria.fr/bin/caml-bugs ------------------------------------------------------------ Gerd Stolpmann * Viktoriastr. 45 * 64293 Darmstadt * Germany gerd@gerd-stolpmann.de http://www.gerd-stolpmann.de ------------------------------------------------------------