Re: socketServer questions

On Fri, 2005-10-07 at 15:07 -0700, Paul Rubinhttp: wrote:
> rbt <rbt@xxxxxxxxxxxxxxxxx> writes:
> > The server just logs data, nothing else. It's not private or important
> > data... just sys admin type stuff (ip, mac addy, etc.). I just don't
> > want some script kiddie discovering it and trying to 'hack' it. By doing
> > so, they'd fill the log up with crap. So, If the data doesn't contain x,
> > y, and z and if the data is too big or too small, I record it to a
> > 'tamper' log and tell the leet hacker to 'go away'.
>
> Well, rather than this x,y,z stuff, it's best to do it properly and
> authenticate the records with the hmac module.


Off-topic here, but you've caused me to have a thought... Can hmac be
used on untrusted clients? Clients that may fall into the wrong hands?
How would one handle message verification when one cannot trust the
client? What is there besides hmac? Thanks, rbt

.

Relevant Pages

  • Re: socketServer questions
    ... Clients that may fall into the wrong hands? ... What is there besides hmac? ... I'm trying to keep script kiddies from tampering with a socket server. ... understanding it and then being able to forge a string that the server ...
    (comp.lang.python)
  • Re: socketServer questions
    ... Clients that may fall into the wrong hands? ... > How would one handle message verification when one cannot trust the ... What is there besides hmac? ... mean you want to make sure that's really Bob logging into your ...
    (comp.lang.python)