On Sat, May 13, 2006 at 03:29:29PM +0200, Florent Daigni?re (NextGen$) wrote: > Hi, > > I've seen https://bugs.freenetproject.org/view.php?id=351 in the > bugtracker : > > 0000351: fproxy does not correctly block connections from addresses not > in fproxy.allowedHosts > > atm, we do accept() on the socket and close it if the host isn't in the > allowedHosts list... The only way of preemptively rejecting it would be > to use the SecurityManager...
If accept() actually opens the connection then I'm not sure how even SecurityManager can do this... > > Do we want to dig into it and deal with it ? > > NextGen$ > PS: the security manager has policies that can be overriden by local > settings and it usage WILL lead to problem and missunderstanding when > supporting some users... > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060513/3a7eed17/attachment.pgp>
