Steven D'Aprano writes:
>> Supply the client with tamper-proof hardware containing a private key.
>
> Is that resistant to man-in-the-middle attacks by somebody with a packet
> sniffer watching the traffic between the device and the website?
Sure, why not? As long as the crypto is done properly
On Sun, 19 Jun 2011 05:47:30 +0100, Nobody wrote:
> On Sat, 18 Jun 2011 04:34:55 -0700, mzagu...@gmail.com wrote:
>
>> I am wondering what your strategies are for ensuring that data
>> transmitted to a website via a python program is indeed from that
>> program, and not from someone submitting PO
On Sat, 18 Jun 2011 04:34:55 -0700, mzagu...@gmail.com wrote:
> I am wondering what your strategies are for ensuring that data
> transmitted to a website via a python program is indeed from that
> program, and not from someone submitting POST data using some other
> means.
> Any remedy?
Supply t
On Sun, Jun 19, 2011 at 10:38 AM, Gregory Ewing
wrote:
> And that only if the attacker isn't a Python programmer.
> If he is, he's probably writing his attack program in
> Python anyway. :-)
>
I was thinking you'd have it call on various functions defined
elsewhere in the program, forcing him to
Michael Hrivnak wrote:
Besides, it seems that all
you've accomplished is verifying that the client can execute python
code and you've made it a bit less convenient to attack.
And that only if the attacker isn't a Python programmer.
If he is, he's probably writing his attack program in
Python an
On Sun, Jun 19, 2011 at 6:40 AM, Michael Hrivnak wrote:
> On Sat, Jun 18, 2011 at 1:26 PM, Chris Angelico wrote:
>> SSL certificates are good, but they can be stolen (very easily if the
>> client is open source). Anything algorithmic suffers from the same
>> issue.
>
> This is only true if you di
On 6/18/2011 7:34 AM, mzagu...@gmail.com wrote:
Hello Folks,
I am wondering what your strategies are for ensuring that data
transmitted to a website via a python program is indeed from that
program, and not from someone submitting POST data using some other
means. I find it likely that there is
"mzagu...@gmail.com" writes:
> For example, if I create a website that tracks some sort of
> statistical information and don't ensure that my program is the one
> that is uploading it, the statistics can be thrown off by people
> entering false POST data onto the data upload page. Any remedy?
If
On Sat, Jun 18, 2011 at 1:26 PM, Chris Angelico wrote:
> SSL certificates are good, but they can be stolen (very easily if the
> client is open source). Anything algorithmic suffers from the same
> issue.
This is only true if you distribute your app with one built-in
certificate, which does indee
"mzagu...@gmail.com" wrote:
>
>For example, if I create a website that tracks some sort of
>statistical information and don't ensure that my program is the one
>that is uploading it, the statistics can be thrown off by people
>entering false POST data onto the data upload page. Any remedy?
The a
On Sat, Jun 18, 2011 at 9:34 PM, mzagu...@gmail.com wrote:
> I am wondering what your strategies are for ensuring that data
> transmitted to a website via a python program is indeed from that
> program, and not from someone submitting POST data using some other
> means. I find it likely that ther
Authentication by client SSL certificate is best.
You should also look into restricting access on the server side by IP address.
Michael
On Sat, Jun 18, 2011 at 7:34 AM, mzagu...@gmail.com wrote:
> Hello Folks,
>
> I am wondering what your strategies are for ensuring that data
> transmitted to
On 18.06.2011 13:34, mzagu...@gmail.com wrote:
Hello Folks,
I am wondering what your strategies are for ensuring that data
transmitted to a website via a python program is indeed from that
program, and not from someone submitting POST data using some other
means. I find it likely that there is
Hello Folks,
I am wondering what your strategies are for ensuring that data
transmitted to a website via a python program is indeed from that
program, and not from someone submitting POST data using some other
means. I find it likely that there is no solution, in which case what
is the best solut
14 matches
Mail list logo
