Send password over TCP connection

Paul Rubin http
Thu Oct 13 17:50:16 EDT 2005


"dcrespo" <dcrespo at gmail.com> writes:
> > Can you say what your application is?  That will help figure out
> > how far you need to go to protect these passwords, and what
> > alternatives might be possible.
> 
> Sure, no problem (see this on fixed text):

Well, I mean, what kind of data is it?  Sports chat?  Personal
correspondence?  Financial info like credit card numbers?  Medical
records?  Military/diplomatic traffic?  I'm asking how severe the
security requirements are.

> All ClientServers log in supplying only one hashed password. It is
> stored hashed in MasterServer.

Why do you want to do that?  All of them get compromised if the one
password is compromised.  What do you mean by "password"?  If it's not
something a user has to remember and type in, then I hope you mean a
long random string rather than a password.  I sort of remember your
mentioning this though.

> All this is sustained over a VPN.

If the VPN is any good, it should authenticate all the peers in some
reasonable way, so why do you need this password stuff at all?



More information about the Python-list mailing list