socketServer questions
rbt
rbt at athop1.ath.vt.edu
Sat Oct 8 08:36:34 EDT 2005
On Fri, 2005-10-07 at 15:07 -0700, Paul Rubinhttp: wrote:
> rbt <rbt at athop1.ath.vt.edu> writes:
> > The server just logs data, nothing else. It's not private or important
> > data... just sys admin type stuff (ip, mac addy, etc.). I just don't
> > want some script kiddie discovering it and trying to 'hack' it. By doing
> > so, they'd fill the log up with crap. So, If the data doesn't contain x,
> > y, and z and if the data is too big or too small, I record it to a
> > 'tamper' log and tell the leet hacker to 'go away'.
>
> Well, rather than this x,y,z stuff, it's best to do it properly and
> authenticate the records with the hmac module.
Off-topic here, but you've caused me to have a thought... Can hmac be
used on untrusted clients? Clients that may fall into the wrong hands?
How would one handle message verification when one cannot trust the
client? What is there besides hmac? Thanks, rbt
More information about the Python-list
mailing list