[DGD] Changing connect() (network package)

bart at wotf.org
Sat Dec 29 22:07:33 CET 2007


On Sat, 29 Dec 2007 20:48:27 +0100, Felix A. Croes wrote
> bart at wotf.org wrote:
> 
> > This idea keeps coming up, and as a matter of fact, it's how ancient lpmud did
> > its hostname resolution.
> >
> > The problems with this idea seem somewhat obvious...
> >
> > That external daemon has to logon to the mud somehow, hence it must contain
> > valid authentication information.
> >
> > That external daemon is the ideal starting point for man in the middle attacks
> > in case you decide to bother with encryption.
> 
> Not really.  You can let it log on to a special port that is only opened
> on localhost and has its own connection protocol. 

Making it obscure doesn't make it secure. Requiring a localhost connection
isn't too helpful in a world where shared hosting is rather common for muds.
Limiting connections to localhost isn't a good enough security measure for
database servers either.

> Authentication could
> be done using a one-time password (especially since there is no 
> person, but a program on the other side) if you are especially 
> concerned about security.

One way or another, the external daemon will have to get that password and use
it to authenticate at some point.

Unlike the mud which usually has some people on it who may notice unusual
things happening, a connection daemon will require administrator attention to
make sure it is not compromised.

> 
> As for man-in-the-middle attacks, if a localhost connection is vulnerable
> then any connection is.

If you put a 3rd party in the middle, as is the case with an external
connection daemon, you create a staging point for man in the middle attacks.

A direct connection that does not involve a 3rd party (the connection daemon)
does not have this issue. 

Sure, one can still 'snoop' a local connection in case of shared hosting, but
encryption can cover that. 

Bart.
--
Created with Open WebMail at http://www.bartsplace.net/
Read my weblog at http://soapbox.bartsplace.net/
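An added example, not part of the message above and not DGD or lpmud code: it demonstrates the shared-hosting point in the thread, namely that a port bound to 127.0.0.1 is reachable by every process on the box with no way to tell which local user opened the connection, and contrasts it with one assumed mitigation, a Unix domain socket whose server checks the connecting process's uid via Linux SO_PEERCRED. The two-line "HELLO" / "OK" exchange is a made-up wire format for the example, the client and server run as threads in one process, and the allowed-uid list stands in for whatever policy a real mud would use.

```python
import os
import socket
import struct
import tempfile
import threading

# Assumed wire format for the mud <-> connection-daemon link (constructed for
# this example): the daemon sends one line "HELLO", the mud answers "OK" or "DENIED".
HELLO = b"HELLO\n"


def _serve_one_tcp(listener, result):
    """Accept one client on a 127.0.0.1 port: no identity is available at all."""
    conn, _addr = listener.accept()
    with conn:
        conn.recv(64)
        # A TCP peer address of 127.0.0.1:<port> says nothing about the uid behind it.
        conn.sendall(b"OK\n")
        result.append("accepted without any identity check")


def demo_tcp_localhost():
    """Bind to localhost only, then connect to it: the server cannot refuse a co-tenant."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port on the loopback interface
    listener.listen(1)
    result = []
    t = threading.Thread(target=_serve_one_tcp, args=(listener, result))
    t.start()
    with socket.create_connection(listener.getsockname()) as c:
        c.sendall(HELLO)
        c.recv(64)
    t.join()
    listener.close()
    return result[0]


def peercred_supported():
    """SO_PEERCRED is a Linux-specific socket option."""
    return hasattr(socket, "SO_PEERCRED")


def current_uid():
    return os.getuid() if hasattr(os, "getuid") else -1


def parse_peercred(raw):
    """Unpack struct ucred {pid_t pid; uid_t uid; gid_t gid;} (three native C ints)."""
    size = struct.calcsize("3i")
    return struct.unpack("3i", raw[:size])


def peer_credentials(conn):
    """Ask the kernel who is on the other end of a Unix domain socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return parse_peercred(raw)


def _serve_one_unix(listener, allowed_uids, result):
    """Accept one client and admit it only if its uid is on the allow list."""
    conn, _ = listener.accept()
    with conn:
        _pid, uid, _gid = peer_credentials(conn)
        conn.recv(64)
        if uid in allowed_uids:
            conn.sendall(b"OK\n")
            result.append(True)
        else:
            conn.sendall(b"DENIED\n")
            result.append(False)


def demo_unix_peercred(allowed_uids):
    """Same exchange over a Unix socket; returns True if the mud admitted the client."""
    if not peercred_supported():
        raise NotImplementedError("SO_PEERCRED is only available on Linux")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mud.sock")
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(path)
        os.chmod(path, 0o600)                # filesystem permission as a second layer
        listener.listen(1)
        result = []
        t = threading.Thread(target=_serve_one_unix, args=(listener, allowed_uids, result))
        t.start()
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
            c.connect(path)
            c.sendall(HELLO)
            c.recv(64)
        t.join()
        listener.close()
        return result[0]


if __name__ == "__main__":
    print("TCP 127.0.0.1:", demo_tcp_localhost())
    if peercred_supported():
        print("unix socket, our uid allowed:", demo_unix_peercred({current_uid()}))
        print("unix socket, other uid allowed:", demo_unix_peercred({current_uid() + 1}))
```

The peer-credential check does not remove the daemon from the picture, so it does nothing for the man-in-the-middle concern raised in the message; it only closes the gap that "localhost only" leaves open on a shared host, where another user's process can reach a loopback port just as easily as the intended daemon.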
