Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!newsgate.cistron.nl!newsgate.news.xs4all.nl!194.109.133.84.MISMATCH!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.048 X-Spam-Evidence: '*H*': 0.90; '*S*': 0.00; 'wed,': 0.04; 'filters.': 0.07; 'content-type:multipart/signed': 0.09; 'programmer': 0.11; 'computing': 0.11; 'content-type:application/pgp-signature': 0.16; 'filename:fname piece:asc': 0.16; 'filename:fname piece:signature': 0.16; 'filename:fname:signature.asc': 0.16; 'input.': 0.16; 'symmetric': 0.16; 'header:In-Reply-To:1': 0.22; 'builds': 0.23; 'that?': 0.23; 'example': 0.24; 'chris': 0.27; 'work.': 0.27; 'like.': 0.29; "won't": 0.30; 'key,': 0.31; 'to:addr:python-list': 0.32; 'another': 0.32; 'implemented': 0.33; 'someone': 0.33; 'uses': 0.34; 'using': 0.34; 'point': 0.35; 'ssl': 0.35; 'charset:us-ascii': 0.36; 'enough': 0.37; 'data': 0.37; 'two': 0.37; 'some': 0.37; 'apr': 0.38; 'hack': 0.38; 'user': 0.38; 'but': 0.38; 'hold': 0.39; 'to:addr:python.org': 0.39; 'could': 0.39; 'received:de': 0.39; 'header:Mime-Version:1': 0.39; 'would': 0.40; 'header:Received:5': 0.40; 'received:95': 0.60; '2011': 0.62; 'secure': 0.62; 'cause': 0.65; 'kinds': 0.67; 'encryption': 0.68; 'secure.': 0.68; 'injection': 0.84; 'schrieb': 0.84; 'subject:over': 0.84 Date: Wed, 20 Apr 2011 09:34:19 +0200 From: Bastian Ballmann To: python-list@python.org Subject: Re: Pickling over a socket In-Reply-To: References: <61890800-f81a-4a1e-8905-a0237407f016@a21g2000prj.googlegroups.com> <7744bf8c-0df6-4dc9-a977-7234d571643f@r4g2000prm.googlegroups.com> <7a56699d-7387-49a0-8c4f-f794df43df00@22g2000prx.googlegroups.com> <20110420084431.0480aa41@chaostal.de> X-Mailer: Claws Mail 3.7.8 (GTK+ 2.22.1; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/wMo6aSaT8G324OyY.QTj+Lb"; protocol="application/pgp-signature" X-Virus-Scanned: Debian amavisd-new at lucy.chaostal.de X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 42 NNTP-Posting-Host: 82.94.164.166 X-Trace: 1303284884 news.xs4all.nl 32470 [::ffff:82.94.164.166]:59364 X-Complaints-To: abuse@xs4all.nl Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:3662 --Sig_/wMo6aSaT8G324OyY.QTj+Lb Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Am Wed, 20 Apr 2011 16:59:19 +1000 schrieb Chris Angelico : =20 > Even public/private key systems won't > work here; someone could get hold of your client and its private key, > and poof. Oh yeah but than all kinds of trusted computing wont work. Sure one can see it on the net these days looking at the rsa or commodo or ps3 hack and the like. No system is totally secure. You can _always_ poke around if a program uses user input. For example one can totally own a complete computer by nothing more than a single sql injection attack even if the programmer implemented some filters. Now would you say one shouldnt use sql databases cause of that? ;) My point is using ssl authentication / encryption together with another symmetric encryption builds up two layers, which I would say is secure enough to handle the data as trusted. Greets Basti --Sig_/wMo6aSaT8G324OyY.QTj+Lb Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk2ujHsACgkQEQHD8bvs9q3a+gCgt7OPN8CJqhem9hMa77a7+Ud+ U4UAn2uHBqOWYaC94xY8RwM9OPhZCXqk =isJb -----END PGP SIGNATURE----- --Sig_/wMo6aSaT8G324OyY.QTj+Lb--