summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuido van Rossum <guido@python.org>1995-06-21 02:19:55 (GMT)
committerGuido van Rossum <guido@python.org>1995-06-21 02:19:55 (GMT)
commit6ea3f92109836bdb6c3658a0284339715066a962 (patch)
tree8f348afcfb589905cc21c23e6113e7fdbcb75d8e
parent54175f7cbe0a83950805ecd89e03c31f0e6170a6 (diff)
downloadcpython-6ea3f92109836bdb6c3658a0284339715066a962.zip
cpython-6ea3f92109836bdb6c3658a0284339715066a962.tar.gz
cpython-6ea3f92109836bdb6c3658a0284339715066a962.tar.bz2
added notes about security
-rw-r--r--Demo/pdist/README16
1 files changed, 16 insertions, 0 deletions
diff --git a/Demo/pdist/README b/Demo/pdist/README
index 2312061..37719cb 100644
--- a/Demo/pdist/README
+++ b/Demo/pdist/README
@@ -1,6 +1,8 @@
Filesystem, RCS and CVS client and server classes
=================================================
+*** See the security warning at the end of this file! ***
+
This directory contains various modules and classes that support
remote file system operations.
@@ -23,6 +25,8 @@ RCSProxy.py RCS interface classes
client.py Client class
server.py Server class
+security.py Security mix-in class (not very secure I think)
+
cmdfw.py CommandFrameWork class
(used by rcvs, should be used by rrcs as well)
@@ -82,3 +86,15 @@ instantiate a client.
The modules client and server should probably be renamed to Client and
Server in order to match the class names.
+
+
+*** Security warning: this version requires that you have a file
+$HOME/.python_keyfile at the server and client side containing two comma-
+separated numbers. The security system at the moment makes no guarantees
+of actuallng being secure -- however it requires that the key file
+exists and contains the same numbers at both ends for this to work.
+(You can specify an alternative keyfile in $PYTHON_KEYFILE).
+Have a look at the Security class in security.py for details;
+basically, if the key file contains (x, y), then the security server
+class chooses a random number z (the challenge) in the range 10..100000
+and the client must be able to produce pow(z, x, y) (i.e. z**x mod y).