[opensource] Peristent ResNET Login

friedly.1 at osu.edu friedly.1 at osu.edu
Fri May 13 09:05:59 EDT 2011


I'll plan on making the changes you described, because it is a pretty big  
security hole.  I'm not sure if Python automatically checks the certificates,  
but I'll see what I can find about that.  Checking certificates might be a  
bit over my head though, I've never done it before and I'm not really sure  
how it works.  If it's as simple as just checking the server's key against a  
public list of keys then I can do that but I'm not really sure.
Also, I'll stop using xkcd because I guess it is a bit discourteous.  
xkcd.com/404 just returns a 404 though, which we thought was pretty funny  
compared to xkcd.com/403 or xkcd.com/405.  But since it's ResNET's problem,  
it would be more fair to just try to open a connection to some random page at  
resnet.osu.edu/RANDOM.  The only problem is if they start noticing that  
they're getting a lot of traffic to that random url and look into it.  We  
could maybe generate our own random string urls, but if one of them actually  
exists then the script won't work right.
The newest update has which lines to modify moved to the top and connects to  
a random resnet.osu.edu address; I'll add other stuff later:
http://pastebin.com/K016g3Bx


More information about the Opensource mailing list