On Fri, 2005-10-07 at 15:07 -0700, Paul Rubinhttp: wrote: > rbt <[EMAIL PROTECTED]> writes: > > The server just logs data, nothing else. It's not private or important > > data... just sys admin type stuff (ip, mac addy, etc.). I just don't > > want some script kiddie discovering it and trying to 'hack' it. By doing > > so, they'd fill the log up with crap. So, If the data doesn't contain x, > > y, and z and if the data is too big or too small, I record it to a > > 'tamper' log and tell the leet hacker to 'go away'. > > Well, rather than this x,y,z stuff, it's best to do it properly and > authenticate the records with the hmac module.
Off-topic here, but you've caused me to have a thought... Can hmac be used on untrusted clients? Clients that may fall into the wrong hands? How would one handle message verification when one cannot trust the client? What is there besides hmac? Thanks, rbt -- http://mail.python.org/mailman/listinfo/python-list