-----BEGIN PGP SIGNED MESSAGE----- hi ezequiel,
you are correct to be concerned about the security of your host. if you are building a system that can automatically spend gold from your account - your gold is only going to be as secure as the weakest link of your host and software. 1. make sure your host is kept up to date with latest patches 2. have a firewall between your host and the internet 3. i'd discourage sharing the same box with other hosting customers, i.e. get a dedicated box. 4. deal with a trusted, established hosting company 5. have at least one other pair of programming eyes review your code for security related problems. 6. do you know who has root access to your host? as far as storing the key that authorizes the payments (in this case the e-gold account passphrase), here are a couple of options and ideas that you can chew on... a) make sure you understand this note present on the e-gold developer page: "Any automation method that accepts arguments via the command line may expose those arguments to other users on the same system able to view 'ps' type output. Consider alternative methods of using automation if this is an issue. For example, examine the --data @foobar option supported by cURL." b) if you have a process that stays resident, consider manually entering the passphrase such that it is only stored in memory (mlock that area). c) use a dedicated account to spend out of, not necessarily your main account. d) make a huge data file with random alphanumeric data in it - need some random data? http://www.fourmilab.ch/hotbits/ set your passphrase to some portion(s) of that data. in your code, store the offsets/lengths to your passphrase components in that file. (i'm assuming compiled code here). e) remember, the bad guy doesn't necessarily have to even figure out your passphrase if he can subvert your code to make a payment to *his* account instead of your intended account. other subscribers probably have worthwhile ideas which i encourage them to share... oh, and you can always ask [EMAIL PROTECTED] technical/programming questions related to e-gold! jay w. [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQEVAwUBPuEMucyM0YPqVE7FAQHWsgf/SlDmb9kIiRp5U2pgJAcTU8gIDKHwYMXR 3fhwH8rAMcWbjVr+VQExkZ7tvFlgruoEILlzkNxcVqMaq+Mv3eobJsy95/Ccakqy d2PkHkMyGdUqxnDYcGGcj0L7uo7UFgFeC4tHDOi71yxKAkNaJAEgAnVvEAHzRIy6 5LpD/QsZ0CMx0vX5+za0plNvoB+kEl/eEtrCR2uZB+A8qUXbBirw0rEyWY/gCitw 9IQ8B1n+WqJ5ZvW/Tba1gQoBU2crfPVngQlcaDRbE+Qk7d/aT/k0w3wBTImqjy6Q K7eETWcZWOQ1/xMQhXYiA9maWBPClo3IcPW5IflFSawv45Qw7nqbHQ== =lkgu -----END PGP SIGNATURE----- --- You are currently subscribed to e-gold-tech as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Safe web surfing tip: Get in the habit of checking the SSL key/padlock icon in your browser and address/location bar *before* submitting sensitive information like your e-gold passphrase.