You are not logged in.

#1 2018-10-21 13:12:46

fileserverpls
Member
Registered: 2018-10-21
Posts: 15

is it possible to create a secure file server in python?

I've tried with paramiko, sftp of different kinds, sockets, pycrypto, and some more but it seems impossible to read a file in binary in Python 3.x and send it over to another computer securely (encrypted). Does anyone have a similar project I can learn from?

Offline

#2 2018-10-21 14:58:54

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,444
Website

Re: is it possible to create a secure file server in python?

Is it possible?  Certainly.  But your questions sounds less about whether it is possible to create a secure file server in python and more about wanting a recommendation of an already created secure file server written in python that you can just import and run.

What do you mean by sending the file "securely (encrypted)"?  Do you want to encrypt the file data itself before sending, or do you want to create a TLS connection and send a file over it?

What's the end goal?  Is this a web server, or just a local connection?  If the former, you may just want to use cherrypy or the like.

Last edited by Trilby (2018-10-21 15:02:27)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Online

#3 2018-10-21 15:38:08

fileserverpls
Member
Registered: 2018-10-21
Posts: 15

Re: is it possible to create a secure file server in python?

Being able to have an encrypted connection, so I guess TLS

Offline

#4 2018-10-21 16:17:29

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,444
Website

Re: is it possible to create a secure file server in python?


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Online

#5 2018-10-21 21:56:45

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: is it possible to create a secure file server in python?

fileserverpls, I would implore you to read this document before continuing this thread, or starting another.  Your post lacks any kind of useful information for others to be able to help you, and given your username I'm inclined to thing that you're treating our community as a one-shot resource for your current problem, rather than having intentions to be a participatory member of the community.

Offline

#6 2018-10-22 03:05:34

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: is it possible to create a secure file server in python?

fileserverpls:
I support fukawi2’s recommendation. But, just to prevent someone from harming themselves searching for the answer later, let me restate your question: how to implement a secure file server in Python?

The short answer is: do not. Either you scp or, if you want some extra functions, use a similar approach. Connect via SSH and execute code on both sides to transfer files. This way you have — for free — properly¹ implemented server authentication, client authentication and encryption. You just need to implement the protocol and client/server parts of it. 99% sure this is exactly what you need.

A bit longer answer is: use existing unauthenticated and unencrypted connection and send files encrypted with existing tool — like openssl or 7zip — and signed with gpg or openssl. If the signature doesn’t match, the file is just dropped from the server. However, use this solution if and only if you have some well founded reason to not use the SSH one!

The long answer is: depends on what are your security requirements. There is no such thing as absolute security to which you can refer. You can only make it secure against a well defined adversary. Whether it’s possible to implement that in Python depends on your model. Certainly possible to write a server resillent against script-kiddie attacks. With enough of knowledge and experience it may be possible to produce one that would withstand an attack from a more advanced adversary. It is impossible² to write such a server in pure Python against any real, well organized threat — in Python you can’t defend against side-channel attacks.

Which one is the best answer? You have asked about encryption, without being concerned with authentication (of both sides!) first. That’s a strong indicator that you should avod going beyond the SSH answer and, definitely, avoid the last one.
____
¹ End implementing either of those properly is very hard and nearly surely you will fail at this task.
² The post is being written in late 2018; perhaps this will change in the future.

Last edited by mpan (2018-10-22 03:18:05)


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

Board footer

Powered by FluxBB