Pickling over a socket

Bastian Ballmann balle at chaostal.de
Wed Apr 20 03:34:19 EDT 2011


On Wed, 20 Apr 2011 16:59:19 +1000,
Chris Angelico <rosuav at gmail.com> wrote:
 
> Even public/private key systems won't
> work here; someone could get hold of your client and its private key,
> and poof.

Oh yeah, but then all kinds of trusted computing won't work. Sure,
one can see it on the net these days looking at the RSA or Comodo or
PS3 hack and the like.

No system is totally secure. You can _always_ poke around if a program
uses user input. For example, one can totally own a complete computer by
nothing more than a single SQL injection attack, even if the programmer
implemented some filters. Now would you say one shouldn't use SQL
databases because of that? ;)

My point is using SSL authentication / encryption together with another
symmetric encryption builds up two layers, which I would say is secure
enough to handle the data as trusted.

Greets

Basti
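
An added example, not part of the original post or thread: one way to put a shared-key layer in front of `pickle.loads()` in Python, swapping in an HMAC-SHA256 tag for the symmetric encryption mentioned above. It assumes a pre-shared key and a TLS-wrapped socket underneath; `seal`, `open_frame`, `AuthError` and the frame layout are hypothetical names chosen for this sketch.

```python
import hashlib
import hmac
import pickle
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes
HEADER_LEN = 4 + TAG_LEN                # length prefix + tag


class AuthError(Exception):
    """Frame failed authentication; its payload was never unpickled."""


def seal(obj, key):
    """Frame obj as: 4-byte big-endian length | HMAC tag | pickle bytes."""
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return struct.pack("!I", len(payload)) + tag + payload


def open_frame(frame, key):
    """Check length and tag first; call pickle.loads() only if both pass."""
    if len(frame) < HEADER_LEN:
        raise AuthError("short frame")
    (length,) = struct.unpack("!I", frame[:4])
    tag, payload = frame[4:HEADER_LEN], frame[HEADER_LEN:]
    if len(payload) != length:
        raise AuthError("length mismatch")
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison, so timing does not leak how much matched.
    if not hmac.compare_digest(tag, expected):
        raise AuthError("bad tag")
    return pickle.loads(payload)


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    frame = seal({"cmd": "status", "id": 7}, key)
    print(open_frame(frame, key))
    # Flip one payload bit, as an on-path modification would.
    tampered = frame[:-1] + bytes([frame[-1] ^ 0x01])
    try:
        open_frame(tampered, key)
    except AuthError as exc:
        print("rejected:", exc)
```

The tag only shows that the sender held the key: as the quoted reply notes, a key taken from a compromised client still produces valid frames, and the sketch does not detect replayed frames.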