> Can you say what your application is? That will help figure out how far you
> need to go to protect these passwords, and what alternatives might be
> possible.
Sure, no problem (see this on fixed text):
___________ MasterServer ___________
// / || | \\ \
ClientServer ClientServer ClientServer
// \\ // \\ // \\
Client Client Client Client Client Client
// = XML-RPC connection
/ = Pure TCP connection
Clients, connects to MasterServer through ClientServer using XML-RPC
ClientServer interacts with MasterServer using 2 modes: XMLRPC and pure
TCP.
Pure TCP connection is used for athenticating ClientServer. When a
ClientServer is authenticated,
the ClientServers can connect to MasterServer for running RPC functions
requested by its Clients.
All ClientServers log in supplying only one hashed password. It is
hashedly stored in MasterServer.
The way I elected to log in is:
-Generate an MD5 string from a Random Alpha_Numeric string on
ClientServer side
-Generate another MD5 string from a Random Alpha_Numeric string on
MasterServer side
-Send each string from one host to the other.
-Apply a Hash algorithm using both MD5 in conjunction with the
password that each one knows.
-Then, the ClientServer sends its resulting hashed string to
MasterServer
-MasterServer then compares its own resulting hashed string with
the one received from ClientServer
ClientServer logs in if:
- IP's ClientServer is not a Blocked IP by MasterServer
- IP's ClientServer is in an Allowed IP Range
- hashed strings match
All this is sustented over a VPN.
Suggestions are welcomed
--
http://mail.python.org/mailman/listinfo/python-list
