"dcrespo" <[EMAIL PROTECTED]> writes:
> Important data like diplomatic traffic. Must be accessible from all
> Clients immediately a client publishes his data. It's an online system.

OK, if it's actual diplomatic traffic you need to work with your government about criteria. If you're in the US, you'd get help from the NSA.

This sounds more like business data. It's pretty normal to rely on your VPN. That will probably be more secure than some home-cooked protocol. If it's highly sensitive then you should use secure terminals (not PCs), hardware crypto tokens at the endpoints, and so forth. Please do read Ross Anderson's book, it sounds like you really might need it. Can I ask what country you are in?

Also, how is the data supposed to get handled at the endpoints? Is it something like text messages that get displayed on a screen for someone to read? Or something like database updates? Something like a cash dispenser network where the leaf clients only make online queries (and maybe dispense cash) but don't really store much data?

There are a lot of industry standards for different applications like this. You should follow one if you possibly can, even if you think your own method is better. There are two problems you have to consider. The first is how to make the system secure. For that, you should assume at this point that the people who designed the standards knew what they were doing. The second is what you'll tell the jury if something goes wrong despite your best efforts. For that, the best thing you can tell them is "I followed the standard written by the industry experts that represents the best knowledge in the field", and almost the worst thing is "I thought I was smarter than the experts so I used my own home-cooked method". So in both areas, following standards is the best policy.

> > Why do you want to do that? All of them get compromised if the
> > one password is compromised.
>
> How is it that all of them get compromised?

It sounded like you're using the same password on all the clients. If not, then that helps.

> > so why do you need this password stuff at all?
> I don't want to permit anyone to run RPC functions. It's my desire.

I don't understand how the password stuff is related to RPC. You shouldn't have RPC ports open on the server.

--
http://mail.python.org/mailman/listinfo/python-list