JamieD has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I have written an XML socket server and I want to be able to allow people to connect from behind a firewall. Does anyone know how I would do this?

As far as I understand, if you can't connect on port xxxx then you send a request on port 80 to a CGI script or such like. How do I then maintain a persistent connection with the server? I'm not sure how this works.

Is it OK to maintain a connection with a CGI script? As far as I know, when you connect on port 80 to a webserver the 2 machines negotiate a port to use between themselves so as not to tie up port 80 for other traffic. Is this correct?

Secondly, if I am correct about the above, does anyone know of any tutorials on communicating between 2 processes in Perl? The CGI script and my Perl server script would need to communicate so that messages were passed between them.

Thnx for any help

JamieD

Replies are listed 'Best First'.
Re: XML socket server HTTP tunneling
by mirod (Canon) on Nov 21, 2002 at 12:13 UTC

    Beyond the fact that I don't think you can keep the connection open (you might be able to do some creative things with HTTP 1.1, I don't know), this is not the right thing to do.

    Warning: rant follows!

    Firewalls are here for a reason: to isolate the internal network from the Wild Wild Internet. Firewalls allow certain types of communication to the outside world. Network administrators are paid to ensure that those communications are reasonably safe. They usually do this by allowing certain ports to be open, based on the services these ports provide. If you start using port 80 for an XML socket server (not to mention SOAP or XML-RPC) then you completely break this security model. The admin does not know that you are using port 80 for a non-standard purpose, hence she can't do her job and keep the system secure.

    If I was a network administrator and discovered that people are using that kind of trick on my network, be sure there would be consequences!

    The right thing to do is to set up your server on a defined port and to ask the network admin to open it. You might have to justify the need and to demonstrate that this new service is secure. THIS IS A GOOD THING!

    You might find Paul Prescod's Some thoughts about SOAP versus REST on Security an interesting read.

      Sorry, I did phrase my question too well.

      To answer Merlyn, I am not opening an XML socket, I am opening a standard socket and using this to send and receive XML data.

      In response to mirod, I can't get the network admins to open ports because this is going to be a public service that anyone can connect to. I don't have a problem connecting but other people behind firewalls might have a problem doing this.

      I think the solution might be to use port 80 to connect to a CGI which sends XML data and loads data, then closes the connection. The client then waits for a bit, reconnects and does the same again. I will then have to modify the server code so that it stores all of the messages sent since the last time the user connected and sends them in one go when the user connects. This wouldn't be a real-time message relay so I don't think it would be any good for games.

      Is this the best solution?
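
The store-and-forward buffer described in the reply above, sketched as an added example that is not part of the original thread: the server keeps a bounded backlog and a per-client cursor, and each poll returns only what that client has not yet seen. The names `post_message`, `fetch_unseen` and `MAX_BACKLOG` are hypothetical, and the buffer is assumed to live in the long-running server process that the CGI script queries.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not code from the thread. All names are hypothetical.
use constant MAX_BACKLOG => 100;   # bound memory: oldest messages drop first

my @log;            # [ seq, xml ] pairs, oldest first
my $next_seq = 1;   # sequence number given to the next message
my %cursor;         # client token => last sequence number delivered

# Called by the server for every message it would have pushed to a socket.
sub post_message {
    my ($xml) = @_;
    push @log, [ $next_seq++, $xml ];
    shift @log while @log > MAX_BACKLOG;
    return $next_seq - 1;
}

# Called once per poll. Returns a "gap" flag (true if messages were dropped
# from the backlog before this client saw them) followed by the unseen XML.
# $token should be an unguessable server-issued session value, not a
# client-chosen name, or one client can read or skip another's messages.
sub fetch_unseen {
    my ($token) = @_;
    my $last   = exists $cursor{$token} ? $cursor{$token} : 0;
    my @unseen = grep { $_->[0] > $last } @log;
    my $gap    = ( @log && $log[0][0] > $last + 1 ) ? 1 : 0;
    $cursor{$token} = $log[-1][0] if @log;
    return ( $gap, map { $_->[1] } @unseen );
}

# Constructed demo data: two messages, a poll, one more message, a second poll.
post_message('<msg from="a">hello</msg>');
post_message('<msg from="b">hi</msg>');
my ( $gap, @batch ) = fetch_unseen('constructed-token-1');
print scalar(@batch), " message(s), gap=$gap\n";

post_message('<msg from="a">bye</msg>');
( $gap, @batch ) = fetch_unseen('constructed-token-1');
print scalar(@batch), " message(s), gap=$gap\n";
```

Entries in `%cursor` are never expired here; a public service would also need to time out idle tokens so the table cannot grow without limit.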
•Re: XML socket server HTTP tunneling
by merlyn (Sage) on Nov 21, 2002 at 11:55 UTC