Mark Taylor m.b.taylor at
Thu Jul 3 08:29:53 PDT 2008

On Thu, 3 Jul 2008, Luigi Paioro wrote:

> Hi Mark,
>  well, you're right, sampy just sends two parameters: sender-id (which is 
> the sender application public ID) and messages.
> Reading the specification you mentioned actually it seems that I should also 
> send a private-key... right, but... which private-key? The receiver 
> private-key? This is useless... clients know their private-key. The sender 
> private-key? Absolutely no, otherwise the clients reveal their hub/client 
> communication secret code. The samp.hub-id? Maybe, just to let the client 
> verify that the XML-RPC call actually is performed by the hub and not by an 
> intruder. Am I right?

It should be the private-key of the client that the hub is calling.

This serves two purposes:

    1. since only the hub and the client know the private-key, it proves
       to the client that the call is coming from the hub and not from
       an intruder (the samp.hub-id is not sufficient for this, since
       other clients know it too)

    2. it's true that clients know their own private-key, but passing it
       in calls may be necessary if multiple clients are sharing the
       same XML-RPC server to handle callbacks.  In most cases each
       client will run its own XML-RPC server, but there might be
       situations where a single process wants to register as several
       different clients without running multiple different XML-RPC
       servers for some reason.


Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
m.b.taylor at +44-117-928-8776

More information about the apps-samp mailing list