Re: [GnomeMeeting-devel-list] ILS, big problem

From: PUYDT Julien <julien puydt laposte net>
To: GnomeMeeting Devel Liste <gnomemeeting-devel-list gnome org>
Subject: Re: [GnomeMeeting-devel-list] ILS, big problem
Date: Mon, 13 Oct 2003 18:30:22 +0200

On lun, 2003-10-13 at 17:52, Damien Sandras wrote:
> I agree with you and Dennis, but is it legal to scan people that way?

Legal? They connect to your server, you check if they're reachable
anyway. You're not connecting to them out of nowhere, you're not
stealing information from them: you check if they are able to use the
service they asked from you, and you provide freely (as in price)...

> Also it takes a lot of time.

This is what bothers me most.

> We have anyway 3 solutions :
> - when the server receives a register request, it rejects it if the port
> is inaccessible

Well, the client does the request, you make another: it's not secure.

> - run a script and ban all misconfigured people

Easier on the server, but will people know why?

> - if the user is registered to ILS.seconix.com, GM checks of it is
> reachable from the outside through seconix.com, if not, it displays a
> popup and unregisters the user from ILS.

What you mean is: gm asks the server to test?

If so, it is bad, since the decision to make a test now is on the client
end (the untrusted one), and not on the server's end (the trusted one).
And: it is as heavy as the first solution.

> The last solution seems perhaps the best and the most confortable for
> the server.

I would say none of these fit...

Snark

Follow-Ups:
- Re: [GnomeMeeting-devel-list] ILS, big problem
  - From: Damien Sandras

References:
- [GnomeMeeting-devel-list] ILS, big problem
  - From: Damien Sandras
- Re: [GnomeMeeting-devel-list] ILS, big problem
  - From: PUYDT Julien
- Re: [GnomeMeeting-devel-list] ILS, big problem
  - From: Damien Sandras

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]