On Mon, 2005-10-10 at 07:46 -0700, Paul Rubinhttp: wrote:
> rbt <[EMAIL PROTECTED]> writes:
> > > Instead, for client #i, let that client's key be something like
> > > hmac(your_big_secret, str(i)).digest()
> > > and the client would send #i as part of the string.
> >
> > How is this different f
rbt <[EMAIL PROTECTED]> writes:
> > Instead, for client #i, let that client's key be something like
> > hmac(your_big_secret, str(i)).digest()
> > and the client would send #i as part of the string.
>
> How is this different from sending a pre-defined string from the client
> that the server kno
On Mon, 2005-10-10 at 05:54 -0700, Paul Rubinhttp: wrote:
> rbt <[EMAIL PROTECTED]> writes:
> > > I don't understand the question. HMAC requires that both ends share a
> > > secret key; does that help?
> >
> > That's what I don't get. If both sides have the key... how can it be
> > 'secret'? Al
rbt <[EMAIL PROTECTED]> writes:
> > I don't understand the question. HMAC requires that both ends share a
> > secret key; does that help?
>
> That's what I don't get. If both sides have the key... how can it be
> 'secret'? All one would have to do is look at the code on any of the
> clients and
On Sat, 2005-10-08 at 14:09 -0700, Paul Rubinhttp: wrote:
> rbt <[EMAIL PROTECTED]> writes:
> > Off-topic here, but you've caused me to have a thought... Can hmac be
> > used on untrusted clients? Clients that may fall into the wrong hands?
> > How would one handle message verification when one can
rbt <[EMAIL PROTECTED]> writes:
> Off-topic here, but you've caused me to have a thought... Can hmac be
> used on untrusted clients? Clients that may fall into the wrong hands?
> How would one handle message verification when one cannot trust the
> client? What is there besides hmac? Thanks, rbt
I
On 07/10/05, rbt <[EMAIL PROTECTED]> wrote:
> I have written a python socketServer program and I have a few questions
This is a multithreaded non-blocking version of your server (not
tested), with a basic attempt to hande errors.
from socket import *
from SocketServer import *
import time, threa
On Fri, 2005-10-07 at 15:07 -0700, Paul Rubinhttp: wrote:
> rbt <[EMAIL PROTECTED]> writes:
> > The server just logs data, nothing else. It's not private or important
> > data... just sys admin type stuff (ip, mac addy, etc.). I just don't
> > want some script kiddie discovering it and trying to 'h
rbt <[EMAIL PROTECTED]> writes:
> The server just logs data, nothing else. It's not private or important
> data... just sys admin type stuff (ip, mac addy, etc.). I just don't
> want some script kiddie discovering it and trying to 'hack' it. By doing
> so, they'd fill the log up with crap. So, If t
On Fri, 2005-10-07 at 09:17 -0700, Paul Rubinhttp: wrote:
> > 3. How do I keep people from tampering with the server? The clients
> > send strings of data to the server. All the strings start with x and
> > end with y and have z in the middle. Is requiring x at the front and
> > y at the back and z
Paul Rubin wrote:
> rbt <[EMAIL PROTECTED]> writes:
>
>>1. Do I need to use threads to handle requests, if so, how would I
>>incorporate them? The clients are light and fast never sending more
>>than 270 bytes of data and never connecting for more than 10 seconds
>>at a time. There are currently
rbt <[EMAIL PROTECTED]> writes:
> 1. Do I need to use threads to handle requests, if so, how would I
> incorporate them? The clients are light and fast never sending more
> than 270 bytes of data and never connecting for more than 10 seconds
> at a time. There are currently 500 clients and potenti
I have written a python socketServer program and I have a few questions
that I hope the group can answer... here is a simple version of the
server:
class tr_handler(SocketServer.StreamRequestHandler):
def handle(self):
data = self.rfile.readline(300)
data = str.st
13 matches
Mail list logo