* Matthew Toseland <toad at amphibian.dyndns.org> [2006-05-13 17:54:19]:
> On Sat, May 13, 2006 at 05:51:44PM +0200, Florent Daigni?re (NextGen$) wrote: > > * Matthew Toseland <toad at amphibian.dyndns.org> [2006-05-13 15:08:10]: > > > > > On Sat, May 13, 2006 at 03:29:29PM +0200, Florent Daigni?re (NextGen$) > > > wrote: > > > > Hi, > > > > > > > > I've seen https://bugs.freenetproject.org/view.php?id=351 in the > > > > bugtracker : > > > > > > > > 0000351: fproxy does not correctly block connections from addresses not > > > > in fproxy.allowedHosts > > > > > > > > atm, we do accept() on the socket and close it if the host isn't in the > > > > allowedHosts list... The only way of preemptively rejecting it would be > > > > to use the SecurityManager... > > > > > > If accept() actually opens the connection then I'm not sure how even > > > SecurityManager can do this... > > > > > > > > You set up the security manager before doing the accept, and it throws > > an exception if needed. > > Well sure, but what does java call? At the API level, the low level > accept() opens the connection, yes? So all java can do is open it and > then close it. You're right : their reset() method calls a close() :/ afaik we can't do better that what we already do. > > > > NextGen$ > -- > Matthew J Toseland - toad at amphibian.dyndns.org > Freenet Project Official Codemonkey - http://freenetproject.org/ > ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060513/aa4aad70/attachment.pgp>
