Re: [soaplite] SSH as a transport
- Hi Daryl,
Daryl Williams wrote:
> helo scott, everyone. i'm still pretty new to this stuff andI just wanted to comment on this, since I had the same idea and did some
> still trying to learn. i'm interested in your statement about
> using ssh as a transport. i'm currently writing something
> using httpd as the transport. i dont want to use https
> since i dont have any certificates. yet i want to make
> the application secure...
research. As you say, there's a few references to this on the net, but
as far as I can tell they're all using port redirection/tunneling.
However, although it would probably not be very hard to use the IO
transport to set up stdin/stdout piped through SSH as the transport, you
will miss one of the key reasons to use SOAP in the first place, which
is interoperability. You can't expect Java, Visual Basic, etc. to allow
you to do the same thing. At least not easily.
The performance would also not be very good, because the SSH server
would have to start up your Perl server program for every transaction,
just like a CGI server. In my experience, it takes about a second to
compile and start the SOAP::Lite server.
Based on that, I would say that SSL or HTTPS is a better solution. If
you don't have a certificate you just generate one, just as you would
generate an SSH key pair.
This brings me into another issue. Does anyone has any experience with
setting up a standalone HTTPS SOAP::Lite server? If so, I'm interested
to hear about how you did it. I tried to simply tweak HTTP::Daemon to
use IO::Socket::SSL instead of IO::Socket::INET - unfortunately it
didn't work. Is there a more straightforward way? I'd like to avoid
messing around with modified "standard" packages whenever possible.