SAMPY

Mark Taylor m.b.taylor at bristol.ac.uk
Thu Jul 3 08:29:53 PDT 2008


On Thu, 3 Jul 2008, Luigi Paioro wrote:

> Hi Mark,
>
>  well, you're right, sampy just sends two parameters: sender-id (which is 
> the sender application public ID) and messages.
>
> Reading the specification you mentioned actually it seems that I should also 
> send a private-key... right, but... which private-key? The receiver 
> private-key? This is useless... clients know their private-key. The sender 
> private-key? Absolutely no, otherwise the clients reveal their hub/client 
> communication secret code. The samp.hub-id? Maybe, just to let the client 
> verify that the XML-RPC call actually is performed by the hub and not by an 
> intruder. Am I right?

It should be the private-key of the client that the hub is calling.

This serves two purposes:

    1. since only the hub and the client know the private-key, it proves
       to the client that the call is coming from the hub and not from
       an intruder (the samp.hub-id is not sufficient for this, since
       other clients know it too)

    2. it's true that clients know their own private-key, but passing it
       in calls may be necessary if multiple clients are sharing the
       same XML-RPC server to handle callbacks.  In most cases each
       client will run its own XML-RPC server, but there might be
       situations where a single process wants to register as several
       different clients without running multiple different XML-RPC
       servers for some reason.

Mark

-- 
Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
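
The two purposes listed in the reply above, as an added Python example (not part of the original message and not sampy's code): one callback endpoint shared by two registered clients uses the private-key both to reject calls that do not come from the hub and to route accepted calls to the right client. The class, method and client names and the sample message are assumptions constructed for illustration.

```python
import hmac
import secrets
import xmlrpc.client


class SharedCallbackDispatcher:
    """Hypothetical handler behind one XML-RPC server shared by several clients."""

    def __init__(self):
        self._clients = {}  # private-key -> (client name, inbox)

    def add_client(self, name, private_key):
        inbox = []
        self._clients[private_key] = (name, inbox)
        return inbox

    def receive_notification(self, private_key, sender_id, message):
        # Purpose 1: only the hub and the client hold this secret, so a call
        # carrying an unknown key is not from the hub. Compare in constant
        # time against every registered key.
        supplied = str(private_key).encode()
        match = None
        for known_key, entry in self._clients.items():
            if hmac.compare_digest(known_key.encode(), supplied):
                match = entry
        if match is None:
            raise xmlrpc.client.Fault(1, "unrecognised private-key")
        # Purpose 2: the key also identifies which co-hosted client is meant.
        name, inbox = match
        inbox.append((sender_id, message))
        return name


def demo():
    dispatcher = SharedCallbackDispatcher()
    key_a, key_b = secrets.token_hex(16), secrets.token_hex(16)
    inbox_a = dispatcher.add_client("client-a", key_a)
    inbox_b = dispatcher.add_client("client-b", key_b)
    message = {"samp.mtype": "test.ping", "samp.params": {}}  # constructed sample
    routed_to = dispatcher.receive_notification(key_b, "c1", message)
    try:
        # A caller that knows only a public value (constructed hub id) is refused.
        dispatcher.receive_notification("hub-id-known-to-all", "c1", message)
        rejected = False
    except xmlrpc.client.Fault:
        rejected = True
    return routed_to, len(inbox_a), len(inbox_b), rejected
```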


