[DGD] Changing connect() (network package)
Felix A. Croes
felix at dworkin.nl
Sat Dec 29 23:22:57 CET 2007
bart at wotf.org wrote:
> > Not really. You can let it log on to a special port that is only opened
> > on localhost and has its own connection protocol.
>
> Making it obscure doesn't make it secure. Requiring a localhost connection
> isn't too helpful in a world where shared hosting is rather common for muds.
> Limiting connections to localhost isn't a good enough security measure for
> database servers either.
A localhost connection ensures that attacks have to be local -- a rather
important qualification in a threat analysis.
It also has nothing whatsoever to do with "security through obscurity". :-)
> > Authentication could
> > be done using a one-time password (especially since there is no
> > person, but a program on the other side) if you are especially
> > concerned about security.
>
> One way or another, the external daemon will have to get that password and use
> it to authenticate at some point.
But as a one-time password, it cannot be re-used in an attack.
>[...]
> If you put a 3rd party in the middle, as is the case with an external
> connection daemon, you create a staging point for man in the middle attacks.
Then again, if you were to integrate this vulnerable external connection
daemon with DGD, DGD itself becomes a staging ground for attacks! Another
score against the networking package.
> A direct connection that does not involve a 3rd party (the connection daemon)
> does not have this issue.
>
> Sure, one can still 'snoop' a local connection in case of shared hosting, but
> encryption can cover that.
Only local connections, not external ones? Is this something particular
to Windows hosts? In a Unix environment, only the super-user can snoop
connections (local or otherwise), in which case all bets are off.
Regards,
Dworkin
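The design Dworkin argues for above (a control port bound to the loopback address only, with a one-time password that a captured copy cannot replay) as an added, runnable illustration. This is example code written for this page; it is not DGD code and not from either poster. The one-line "send the token, get OK/DENIED" wire protocol, the function names and the 128-bit hex token format are assumptions made for the example.

```python
"""Added example (not DGD code): loopback-only control port with one-time passwords."""
import hmac
import secrets
import socket
import threading

LOOPBACK = "127.0.0.1"


class OneTimePasswordAuthenticator:
    """Single-use tokens: each issued token authenticates exactly one login.

    A token that is sniffed or leaked is useless afterwards because the first
    successful login consumes it, so a replay is rejected.
    """

    def __init__(self):
        self._pending = set()
        self._lock = threading.Lock()

    def issue(self):
        token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG (assumed format)
        with self._lock:
            self._pending.add(token)
        return token

    def authenticate(self, presented):
        presented_bytes = presented.encode("utf-8")
        with self._lock:
            for token in list(self._pending):
                # constant-time comparison, then burn the token on a match
                if hmac.compare_digest(token.encode("ascii"), presented_bytes):
                    self._pending.discard(token)
                    return True
            return False


def open_loopback_listener():
    """Bind to 127.0.0.1 only: the port is unreachable from any other host."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((LOOPBACK, 0))  # port 0: let the kernel choose a free port
    srv.listen(5)
    return srv


def serve(listener, auth, connections):
    """Handle `connections` logins. Assumed protocol: one line carrying the token."""
    for _ in range(connections):
        conn, peer = listener.accept()
        with conn:
            # Defence in depth: bind() already keeps remote hosts out, but check anyway.
            if peer[0] != LOOPBACK:
                conn.sendall(b"DENIED\n")
                continue
            with conn.makefile("rb") as f:
                line = f.readline().decode("utf-8", "replace").rstrip("\r\n")
            conn.sendall(b"OK\n" if auth.authenticate(line) else b"DENIED\n")


def login(port, token):
    """Client side (the external daemon): present the token once, return the verdict."""
    with socket.create_connection((LOOPBACK, port)) as c:
        c.sendall(token.encode("ascii") + b"\n")
        with c.makefile("rb") as f:
            return f.readline().decode("ascii").strip()


def demo():
    """Issue one OTP, log in with it, then replay it and guess. Returns the verdicts."""
    auth = OneTimePasswordAuthenticator()
    listener = open_loopback_listener()
    port = listener.getsockname()[1]
    t = threading.Thread(target=serve, args=(listener, auth, 3), daemon=True)
    t.start()
    token = auth.issue()
    first = login(port, token)       # "OK": fresh token
    replay = login(port, token)      # "DENIED": the token was consumed by the first login
    guess = login(port, "0" * 32)    # "DENIED": never issued
    t.join(timeout=5)
    listener.close()
    return first, replay, guess


if __name__ == "__main__":
    print(demo())
```

The replay verdict is the point of the one-time password: whoever captured the first login gets nothing reusable. Note the caveat from the thread still applies: binding to loopback keeps remote attackers out, but on a shared host every local user can connect, so the token, not the address, is what authenticates the daemon.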