[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs RPC security

From: Ted Zlatanov
Subject: Re: Emacs RPC security
Date: Mon, 25 Apr 2011 13:02:31 -0500
User-agent: Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux)

On Mon, 25 Apr 2011 14:35:49 -0300 Stefan Monnier <address@hidden> wrote: 
SM> Ted wrote:
>> 1) authentication: the server should be able to verify the client's
>> identity and the client should be able to verify the server's identity.
>> This can be accomplished with SSL certificates and GnuTLS or by signing
>> each message.

SM> Using GnuTLS for the TCP connections could be a good idea as well:
SM> patches welcome.

I will put server GnuTLS support in Emacs on my TODO list, but it will
take a while.  I hope you consider it important.

>> 2) authorization: the server should be able to associate each client
>> identity with only certain functions it can invoke directly.

SM> When such a need will arise, we will think about it.  In all the cases
SM> I've seen until now, the Emacs server is only used by the same user as
SM> the client, so there's not much point making the security structure
SM> so complicated, right now.

Of course, since the security is so weak right now, no one is using it
outside a limited one-user so you haven't seen any unusual cases.  I
would use it personally as a remote password server so all my
auth-source data doesn't live on all the machines I use.  I would also
use it to implement a remote synchronization facility for Gnus and BBDB.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]