Re: Why all the open ports?

From: Derek Simkowiak <dereks kd-dev com>
To: Eric Kidd <eric kidd pobox com>
Cc: gnome-components-list gnome org
Subject: Re: Why all the open ports?
Date: Sun, 9 Jul 2000 11:01:49 -0700 (PDT)

-> I assume that this has something to do with how ORBit implements IIOP. But
-> why can't these applications:
-> 
->   1) Listen only on the loopback interface?
->   2) Use Unix sockets?
->   3) Use predicable port numbers, so I can firewall them?

	Oh no.  Not again.

	See
http://mail.gnome.org/pipermail/gnome-list/2000-June/thread.html, and look
for messages titled, "make gnome listen on localhost:*".  Not all of the
relevant messages are in the same thread.


-> I'm kinda hoping that the code listening on those ports has been thoroughly
-> and carefully audited.

	It's underway, be we all know that accessible ports, audited or
not, are a huge security risk.


-> Open ports make me nervous. :-(

	As it should!  Orbit has an option to use Unix pipes instead of
TCP/IP ports, which reduces the risk a great deal.  But for some reason,
Elliot has an objection to having the default be Unix pipes...


--Derek

Follow-Ups:
- Re: Why all the open ports?
  - From: Eric Kidd
- Re: Why all the open ports?
  - From: Miguel de Icaza

References:
- Why all the open ports?
  - From: Eric Kidd

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]