Generating Unique Keys

logistix logistix at zworg.com
Tue Jan 28 03:24:25 CET 2003


Skip Montanaro <skip at pobox.com> wrote in message news:<mailman.1043516445.19926.python-list at python.org>...

> 
>     Mongryong> For session keys, is their a way in Python to grap a client's
>     Mongryong> MAC address.  If so, is there any security concern with using
>     Mongryong> a client's MAC address?
> 
> There's no MAC address information in the HTTP headers.  There is the
> client's IP address, but for proxies and NAT stuff that obviously won't be
> good enough.  I'd just use a random number.
> 

To elaborate on this, DON'T use the MAC address.  It doesn't get
routed (it's only valid within a subnet)  Even if you could grab it
directly from a network packet, anything outside of your subnet will
have it's MAC address replaced by your router's MAC.  So it'd work
fine when you ran it in your test lab, but would be incredibly
buggy/insecure in production.




More information about the Python-list mailing list