Authentication Using Rotor
Irmen de Jong
irmen at -NOSPAM-REMOVE-THIS-xs4all.nl
Sat Mar 15 02:21:27 CET 2003
Jp Calderone wrote:
> On Sat, Mar 15, 2003 at 12:38:05AM +0100, Irmen de Jong wrote:
>>- never is a passphrase stored on disk or in memory.
> This sounds impossible to me. Care to elaborate (or qualify)?
What I meant was that the passphrase itself (secret key) used to
authenticate is not stored *in Pyro*. The server only stores the md5 hash of
the passphrase (in an in-memory table). Clients don't store anything.
Pyro is a library. It gets called from your application. The way your
application provides the passphrases to Pyro is up to you. Perhaps you'd
like to ask the user to type it in, in a password dialog.
Or read it from a (protected!) file. In any case, the authentication routine
doesn't store them in a table or in a file, but your application may, in fact.
More information about the Python-list