| Path | csiph.com!usenet.pasdenom.info!news.redatomik.org!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| To | python-list@python.org |
| From | Dennis Lee Bieber <wlfraed@ix.netcom.com> |
| Subject | Re: Pure Python Data Mangling or Encrypting |
| Date | Wed, 24 Jun 2015 08:19:03 -0400 |
| Organization | IISS Elusive Unicorn |
| References | <mmcagn$aa5$1@ger.gmane.org> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.14.1435148356.3674.python-list@python.org> |
On Tue, 23 Jun 2015 14:02:45 -0500, Randall Smith <randall@tnr.cc>
declaimed the following:
>Chunks of data (about 2MB) are to be stored on machines using a
>peer-to-peer protocol. The recipient of these chunks can't assume that
>the payload is benign. While the data senders are supposed to encrypt
>data, that's not guaranteed, and I'd like to protect the recipient
>against exposure to nefarious data by mangling or encrypting the data
>before it is written to disk.
>

Pardon, but that description has me confused. Perhaps I just don't
understand the full use-case.

Who exactly is supposed to be protected from what? You state "data
senders are supposed to encrypt" which, if the recipient doesn't have the
decryption key, implies the recipient -- isn't the real recipient but just
a transport/storage place until the data is retrieved by the end-user.

If "you" do the encryption on the storage machine, then you need to
also do the decryption when returning the data to the end-user -- which
means the key is available somewhere on the storage machine, and the local
user might obtain access to it and the stored data.

Given the assumptions I'm making, my recommendation is likely to be
something on the nature of: use an OS designed with security at the core of
the file system; each sender has their own login UID, and the file system
is configured to grant r/w access only to the login -- no execute
permissions, no access by someone not logged in as that user, etc.

Or maybe bypass file system and use a client/server database (no
SQLite3) for the storage media, with the database privileges configured so
only your receive/return application can see the data -- and even that
could have configured logins per user.

--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/
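
Added example, not part of the original post or of the poster's code: a Python sketch of the file-system recommendation above for a POSIX host, writing each untrusted chunk as an owner-only read/write file with no execute bits and auditing the store for drift. The names `store_chunk` and `audit_store`, the digest-based file naming, and the size cap are assumptions introduced here; the process is assumed to already run under the dedicated login.

```python
import hashlib
import os
import stat

MAX_CHUNK = 4 * 1024 * 1024  # assumed cap; the thread mentions chunks of about 2MB
FILE_MODE = 0o600            # owner read/write only, no execute bits
DIR_MODE = 0o700             # only the owning login may list or enter the store


def store_chunk(store_dir: str, payload: bytes) -> str:
    """Write an untrusted chunk as an owner-only r/w file and return its path."""
    if len(payload) > MAX_CHUNK:
        raise ValueError("chunk exceeds size cap")
    os.makedirs(store_dir, mode=DIR_MODE, exist_ok=True)
    os.chmod(store_dir, DIR_MODE)
    # Name by digest so no sender-supplied name ever reaches the file system.
    path = os.path.join(store_dir, hashlib.sha256(payload).hexdigest() + ".chunk")
    # O_EXCL refuses to reuse an existing entry; O_NOFOLLOW refuses symlinks.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, FILE_MODE)
    except FileExistsError:
        if not stat.S_ISREG(os.lstat(path).st_mode):
            raise  # something other than a regular file occupies the name
        return path  # same content was stored earlier
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fh.fileno(), FILE_MODE)  # enforce the mode regardless of umask
        fh.write(payload)
    return path


def audit_store(store_dir: str) -> list:
    """Return (name, octal mode) for entries that are not owner-only r/w regular files."""
    findings = []
    for entry in os.scandir(store_dir):
        st = entry.stat(follow_symlinks=False)
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode) or mode & ~FILE_MODE:
            findings.append((entry.name, oct(mode)))
    return sorted(findings)


if __name__ == "__main__":
    import tempfile
    demo_dir = os.path.join(tempfile.mkdtemp(), "store")
    print(store_chunk(demo_dir, b"constructed sample payload"))
    print(audit_store(demo_dir))
```
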