m.b.taylor at bristol.ac.uk
Thu Jul 3 08:29:53 PDT 2008
On Thu, 3 Jul 2008, Luigi Paioro wrote:
> Hi Mark,
> well, you're right, sampy just sends two parameters: sender-id (which is
> the sender application public ID) and messages.
> Reading the specification you mentioned actually it seems that I should also
> send a private-key... right, but... which private-key? The receiver
> private-key? This is useless... clients know their private-key. The sender
> private-key? Absolutely no, otherwise the clients reveal their hub/client
> communication secret code. The samp.hub-id? Maybe, just to let the client
> verify that the XML-RPC call actually is performed by the hub and not by an
> intruder. Am I right?
It should be the private-key of the client that the hub is calling.
This serves two purposes:
1. since only the hub and the client know the private-key, it proves
to the client that the call is coming from the hub and not from
an intruder (the samp.hub-id is not sufficient for this, since
other clients know it too)
2. it's true that clients know their own private-key, but passing it
in calls may be necessary if multiple clients are sharing the
same XML-RPC server to handle callbacks. In most cases each
client will run its own XML-RPC server, but there might be
situations where a single process wants to register as several
different clients without running multiple different XML-RPC
servers for some reason.
Mark Taylor Astronomical Programmer Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
More information about the apps-samp