Re: Oaf default build...

From: Miguel de Icaza <miguel helixcode com>
To: Maciej Stachowiak <mjs eazel com>
Cc: Michael Meeks <mmeeks gnu org>, gnome-components-list gnome org
Subject: Re: Oaf default build...
Date: 29 May 2000 23:08:53 -0400

> Is this solution implemented now? And if so, does that resolve the
> security concerns?

If this is implemented, it resolves part of the security concerns.

The other security concern is that in the past a connection was tagged
as hostile until the client authenticated itself.  ORBit would run in
prevent-hostility mode until the cookie was received.

This mode basically meant that data and messages were limited in the
size that ORBit would accept.  Like for instance, until a client is
authenticated, we did not allow buffers bigger than 128k to be
transfered.

Miguel.

Follow-Ups:
- Re: Oaf default build...
  - From: Elliot Lee

References:
- Oaf default build...
  - From: Michael Meeks
- Re: Oaf default build...
  - From: Maciej Stachowiak
- Re: Oaf default build...
  - From: Miguel de Icaza
- Re: Oaf default build...
  - From: Maciej Stachowiak

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]