durusmail: durus-users: Re: [QP] specifying host for scgi, durus, etc.
 
Re: [QP] specifying host for scgi, durus, etc.
2006-04-01
David Binger
2006-04-01
mario ruggier
2006-04-01
mario ruggier
2006-04-01
David Binger
2006-04-03
Jesus Cea
2006-04-04
Thomas Guettler
2006-04-04
David Binger
Re: [QP] specifying host for scgi, durus, etc.
mario ruggier
2006-04-01
On Apr 1, 2006, at 1:59 PM, David Binger wrote:
>
> That is an interesting idea for addressing the problem of non-compliant
> cllients crashing the durus server, but non-compliant clients can also
> just stop the durus server from serving others.

If the durus server is shut down, for sure others will not be served?
I think I do not get what you mean here.

> Worse, a *compliant*,
> but unauthorized cllient has direct access to everything that you have
> stored.

By this you mean that if I know that there is a durus server running on
machine:1234 then I can start my own durus client, and do what I will?
Yes, I can see this as a real problem.

So, if we are unable to guarantee that the durus port is private, then
we must either have some sort of client authentication... which would
be very annoying. But maybe having a simple list of hosts (server init
parameter) from which clients are allowed to connect, would be enough?
And, I guess with default being localhost.

mario
reply