[nycphp-talk] Secure (XML-RPC) connection

Faber Fedor faber at linuxnj.com
Wed Mar 24 11:10:52 EST 2004


On Wed, Mar 24, 2004 at 10:59:42AM -0500, Chris Bielanski wrote:
> I wasn't the first to bring up SSL, I just brought up that it seems silly to
> reinvent a well-worn wheel for the prospect you raise.

You're right, it does seem silly.  One of the reasons I posted the
question here is to see where/how I was being silly. :-)

> Hopefully I'm not being patronizing when I ask you not to forget that most
> firewalls should be able to handle a security protocol such that you can
> allow SSL in and out only for specific IP addresses, 

I don't see that functionality anywhere in the config for the BEFSX41.
:-(

> and further constrain the ports on which traffic may pass. 

I can do port forwarding, if that's what you mean.

> SSL runs on 443 and not 80, so that's one problem out of the way. 

443, 80, it doesn't matter which port is open.  What matters is *A* port
is open.

> As far as emulating a webserver, there's not
> much you can do about that. However, if you have your *own* code running at
> both ends, there's nothing to stop you from using private encryption on the
> datastream within the SSL tunnel.

Hmmm, that would take care of web server emulation cracker, then the only way to
break in would be to crack the web server emulate the calls from inside
the web server box.  Better, better... 


-- 
 
Regards,
 
Faber                     

Linux New Jersey: Open Source Solutions for New Jersey
http://www.linuxnj.com
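
The idea raised in the thread (own code at both ends, private encryption on the datastream inside the SSL tunnel), sketched as an added example that is not part of the original post. It assumes PHP 7.2+ with the sodium extension and a key shared out of band; seal_payload, open_payload and the method name inventory.sync are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example: secretbox (XSalsa20-Poly1305) from PHP's sodium extension
// stands in for the "private encryption" mentioned in the thread.

/** Sending side: encrypt and authenticate an XML-RPC request body. */
function seal_payload(string $xml, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per message
    return base64_encode($nonce . sodium_crypto_secretbox($xml, $nonce, $key));
}

/** Receiving side: return the plaintext, or null if the body was not sealed with $key. */
function open_payload(string $body, string $key): ?string
{
    $raw = base64_decode($body, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // not even well-formed: reject before touching the XML-RPC layer
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $boxed = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($boxed, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Constructed sample data; the key would be provisioned to both ends out of band.
$key     = sodium_crypto_secretbox_keygen();
$request = '<methodCall><methodName>inventory.sync</methodName><params/></methodCall>';
$body    = seal_payload($request, $key);

// Case 1: the genuine peer, holding the shared key, recovers the request.
var_dump(open_payload($body, $key) === $request);

// Case 2: an endpoint that speaks the protocol but sealed with a different key.
$foreign = seal_payload($request, sodium_crypto_secretbox_keygen());
var_dump(open_payload($foreign, $key) === null);

// Case 3: a body altered after sealing fails the authentication tag.
$raw = base64_decode($body, true);
$raw[-1] = chr(ord($raw[-1]) ^ 1); // flip one bit in the last byte
var_dump(open_payload(base64_encode($raw), $key) === null);
```

This layer only rejects bodies that were not produced with the shared key; it does not detect a replayed copy of a valid body, and the key is exposed if either box is compromised.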





