Re: SAMPY

From: Mark Taylor <m.b.taylor-at-bristol.ac.uk>
Date: Thu, 3 Jul 2008 16:29:53 +0100 (BST)


On Thu, 3 Jul 2008, Luigi Paioro wrote:

> Hi Mark,
>
> well, you're right, sampy just sends two parameters: sender-id (which is
> the sender application public ID) and messages.
>
> Reading the specification you mentioned actually it seems that I should also
> send a private-key... right, but... which private-key? The receiver
> private-key? This is useless... clients know their private-key. The sender
> private-key? Absolutely no, otherwise the clients reveal their hub/client
> communication secret code. The samp.hub-id? Maybe, just to let the client
> verify that the XML-RPC call actually is performed by the hub and not by an
> intruder. Am I right?

It should be the private-key of the client that the hub is calling.

This serves two purposes:

  1. since only the hub and the client know the private-key, it proves to the client that the call is coming from the hub and not from an intruder (the samp.hub-id is not sufficient for this, since other clients know it too)
  2. it's true that clients know their own private-key, but passing it in calls may be necessary if multiple clients are sharing the same XML-RPC server to handle callbacks. In most cases each client will run its own XML-RPC server, but there might be situations where a single process wants to register as several different clients without running multiple different XML-RPC servers for some reason.

Mark

-- 
Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
m.b.taylor@bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
Received on 2008-07-03Z17:30:06
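
The two purposes described in the reply above, as an added Python example (not code from SAMPy or the SAMP specification): one XML-RPC callback endpoint shared by two registered clients uses the private-key both to reject calls that do not come from the hub and to route each call to the right client. The class and helper names, the client names, the keys, the sender id and the message are constructed for illustration, and the request is dispatched in-process rather than over a socket.

```python
import hmac
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

METHOD = "samp.client.receiveNotification"

class SharedCallbackServer:
    """One XML-RPC endpoint taking hub callbacks for several registered clients."""
    def __init__(self):
        self._keys = {}   # client name -> private-key shared only with the hub
        self.inbox = {}   # client name -> [(sender_id, message), ...]
        self.rpc = SimpleXMLRPCDispatcher()
        self.rpc.register_function(self.receive_notification, METHOD)

    def add_client(self, name, private_key):
        self._keys[name] = private_key
        self.inbox[name] = []

    def _owner_of(self, private_key):
        owner = None   # scan every key in constant time; no early exit on a match
        for name, key in self._keys.items():
            if hmac.compare_digest(key.encode(), str(private_key).encode()):
                owner = name
        return owner

    def receive_notification(self, private_key, sender_id, message):
        owner = self._owner_of(private_key)
        if owner is None:   # caller does not hold any client's private-key
            raise xmlrpc.client.Fault(1, "unknown private-key")
        self.inbox[owner].append((sender_id, message))
        return ""

def hub_call(server, private_key, sender_id, message):
    # Marshal a real XML-RPC request and dispatch it in-process (no socket).
    request = xmlrpc.client.dumps((private_key, sender_id, message), METHOD)
    try:
        xmlrpc.client.loads(server.rpc._marshaled_dispatch(request.encode()))
        return True
    except xmlrpc.client.Fault:
        return False

def demo():
    server = SharedCallbackServer()
    server.add_client("viewer", "constructed-key-aaaa")       # constructed keys
    server.add_client("table-tool", "constructed-key-bbbb")
    msg = {"samp.mtype": "samp.app.ping", "samp.params": {}}  # constructed message
    ok = hub_call(server, "constructed-key-bbbb", "c7", msg)
    rejected = hub_call(server, "hub", "c7", msg)  # a publicly known id is not a key
    return server, ok, rejected
```

In a real deployment each private-key is the value the hub issued to that client at registration, not a fixed literal.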