On Sat, May 13, 2006 at 05:51:44PM +0200, Florent Daigni?re (NextGen$) wrote: > * Matthew Toseland <toad at amphibian.dyndns.org> [2006-05-13 15:08:10]: > > > On Sat, May 13, 2006 at 03:29:29PM +0200, Florent Daigni?re (NextGen$) > > wrote: > > > Hi, > > > > > > I've seen https://bugs.freenetproject.org/view.php?id=351 in the > > > bugtracker : > > > > > > 0000351: fproxy does not correctly block connections from addresses not > > > in fproxy.allowedHosts > > > > > > atm, we do accept() on the socket and close it if the host isn't in the > > > allowedHosts list... The only way of preemptively rejecting it would be > > > to use the SecurityManager... > > > > If accept() actually opens the connection then I'm not sure how even > > SecurityManager can do this... > > > > > You set up the security manager before doing the accept, and it throws > an exception if needed.
Well sure, but what does java call? At the API level, the low level accept() opens the connection, yes? So all java can do is open it and then close it. > > NextGen$ -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060513/dbd71cbc/attachment.pgp>
