On Sat, 11 Nov 2000, James Cameron wrote: > I'd say a public rsync server with a password known to the code. I made a little script to do this during DL to collect the stats from a remote server back to the central server. I modified end_tourney to call "system("ssh clue\@raidio.gnaps.com > /dev/null 2>1");" when it finished archiving locally, which is the central server where we played most games (raidio is the machine that hosts twink.crackaddict.com and netrek.crackaddict.com). Then on raidio, I had an ssh rsa key looking like this: no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="~/bin/leafstats &" 1024 35 <key> psychos at leaf.lumiere.net This ensured that leafstats is the only command leaf's key could run; I did this because I didn't want to have to give the account on leaf login privileges onto raidio (this is also why I didn't use scp; I didn't want it to be able to blindly copy files to raidio) so that a compromised account on leaf wouldn't lead to raidio being compromised. Then on raidio I had a ~/bin/leafstats script that looks like this: #!/bin/sh cd ~/html/leaf.lumiere.net rsync -rt --rsh=ssh --rsync-path=/home/psychos/bin/rsync psychos at leaf.lumiere.net:public_html/netrek/ . And on leaf I had an rsa key that allowed any activity from raidio with no password (as I trusted security in the other direction). This is probably too complex for general usage, but is probably a bit more secure, and it alleviates the need to have to actually run rsyncd.