* Matthew Toseland <toad at amphibian.dyndns.org> [2006-05-13 15:08:10]:
> On Sat, May 13, 2006 at 03:29:29PM +0200, Florent Daigni?re (NextGen$) wrote: > > Hi, > > > > I've seen https://bugs.freenetproject.org/view.php?id=351 in the > > bugtracker : > > > > 0000351: fproxy does not correctly block connections from addresses not > > in fproxy.allowedHosts > > > > atm, we do accept() on the socket and close it if the host isn't in the > > allowedHosts list... The only way of preemptively rejecting it would be > > to use the SecurityManager... > > If accept() actually opens the connection then I'm not sure how even > SecurityManager can do this... > > You set up the security manager before doing the accept, and it throws an exception if needed. NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060513/508491b9/attachment.pgp>
