-----BEGIN PGP SIGNED MESSAGE-----

hi ezequiel,

you are correct to be concerned about the security of your host. if you are building
a system that can automatically spend gold from your account - your gold is only going
to be as secure as the weakest link of your host and software.

1. make sure your host is kept up to date with latest patches
2. have a firewall between your host and the internet
3. i'd discourage sharing the same box with other hosting customers, i.e.
   get a dedicated box.
4. deal with a trusted, established hosting company
5. have at least one other pair of programming eyes review your code for
   security related problems.
6. do you know who has root access to your host?

as far as storing the key that authorizes the payments (in this case the e-gold
account passphrase), here are a couple of options and ideas that you can chew
on...

a) make sure you understand this note present on the e-gold developer page:
   "Any automation method that accepts arguments via the command line may expose
    those arguments to other users on the same system able to view 'ps' type output.
    Consider alternative methods of using automation if this is an issue. For example,
    examine the --data @foobar option supported by cURL."
b) if you have a process that stays resident, consider manually entering the passphrase
   such that it is only stored in memory (mlock that area).
c) use a dedicated account to spend out of, not necessarily your main account.
d) make a huge data file with random alphanumeric data in it - need some
   random data? http://www.fourmilab.ch/hotbits/
   set your passphrase to some portion(s) of that data. in your code, store the
   offsets/lengths to your passphrase components in that file. (i'm assuming compiled
   code here).
e) remember, the bad guy doesn't necessarily have to even figure out your passphrase
   if he can subvert your code to make a payment to *his* account instead of your
   intended account.

other subscribers probably have worthwhile ideas which i encourage them to share...

oh, and you can always ask [EMAIL PROTECTED] technical/programming questions related
to e-gold!

jay w.
[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

-----END PGP SIGNATURE-----
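
An added illustration of point (a) above, not part of the original message or of any e-gold code: it starts a constructed stand-in client twice, once with the secret as a command-line argument and once with only a file path, and checks what the process listing reveals. It assumes a Linux host with /proc; `CLIENT`, `visible_cmdline`, `secret_exposed` and `compare` are hypothetical names.

```python
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for an automation client: it takes the secret either
# directly as an argument ("arg") or from a file path ("file"), reports the
# secret's length, then idles so its command line can be inspected.
CLIENT = (
    "import sys, time\n"
    "mode, value = sys.argv[1], sys.argv[2]\n"
    "secret = open(value).read() if mode == 'file' else value\n"
    "print(len(secret), flush=True)\n"
    "time.sleep(30)\n"
)


def visible_cmdline(pid):
    """What any local user sees for this pid in 'ps' output (Linux /proc)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return fh.read().replace(b"\0", b" ").decode(errors="replace")


def secret_exposed(mode, value, secret):
    """Run the client, wait until it holds the secret, inspect its argv."""
    with subprocess.Popen([sys.executable, "-c", CLIENT, mode, value],
                          stdout=subprocess.PIPE, text=True) as proc:
        try:
            if int(proc.stdout.readline()) != len(secret):
                raise RuntimeError("client did not receive the secret")
            return secret in visible_cmdline(proc.pid)
        finally:
            proc.kill()


def compare(secret):
    """Return (exposed_when_passed_as_argument, exposed_when_passed_by_file)."""
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(secret)
        return (secret_exposed("arg", secret, secret),
                secret_exposed("file", path, secret))
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(compare("constructed-sample-passphrase"))
```

The file-based run is the same pattern as cURL's `--data @foobar`: only the file name appears in the process listing, so the file's permissions become the control that matters.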

