The best way to design your app, so that it can effortlessly tunnel through
firewalls, is to rig it so it uses a simple, absolutely standard TCP
connection to a fixed, well-known port, with the TCP connection setup
outbound-only --- never attempt to open a connection from the server back to
the client.

Then clearly document the port you use, and the details of the protocol, to
assure security analysts that either (a) your protocol will not do anything
security-sensitive, or else (b) it has adequate authentication within it.

Include a small, simple, portable proxy that could be used if admins wanted,
that acts as a server for the protocol on one side, breaks out the protocol
requests (i.e. parses 'em), then turns around and acts like a client,
reassembling the protocol requests and forwarding 'em on to the server. This
will provide further documentation for the protocol, and allow the firewall
admin to impose any additional controls or logging they may wish.
-Bennett
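
A sketch of the kind of proxy described above, added here as an example and not part of the original post or any project's code: it acts as the server toward the client, parses each request, logs it, and forwards a rebuilt copy on its own connection to the real server. The line protocol (`VERB argument\r\n`), the verb list, the length limit and the one-line reply are all assumptions made for illustration.

```python
import socket

# Hypothetical line protocol, assumed for illustration: "VERB argument\r\n".
ALLOWED_VERBS = {"GET", "PUT", "QUIT"}
MAX_LINE = 512

def parse_request(line: bytes):
    """Break one request into (verb, argument); raise ValueError if malformed."""
    if len(line) > MAX_LINE or not line.endswith(b"\r\n"):
        raise ValueError("bad framing")
    text = line[:-2].decode("ascii")  # UnicodeDecodeError is a ValueError
    if not text.isprintable():
        raise ValueError("control characters")
    verb, _, arg = text.partition(" ")
    if verb.upper() not in ALLOWED_VERBS:
        raise ValueError("verb not allowed")
    return verb.upper(), arg.strip()

def reassemble(verb: str, arg: str) -> bytes:
    """Rebuild the request from parsed fields; the client's raw bytes are never forwarded."""
    return (f"{verb} {arg}".rstrip() + "\r\n").encode("ascii")

def relay(client: socket.socket, upstream: socket.socket, log: list) -> None:
    """Server toward the client, client toward the real server, one request at a time."""
    reader = client.makefile("rb")
    replies = upstream.makefile("rb")
    while True:
        line = reader.readline(MAX_LINE + 1)
        if not line:  # client closed its side
            break
        try:
            verb, arg = parse_request(line)
        except ValueError as err:
            # This is where an admin's extra controls and logging hook in.
            log.append(("DENY", str(err)))
            client.sendall(b"ERR rejected by proxy\r\n")
            break
        log.append(("PASS", verb, arg))
        upstream.sendall(reassemble(verb, arg))
        client.sendall(replies.readline(MAX_LINE + 1))  # one-line reply assumed
        if verb == "QUIT":
            break
```

Both connections are plain TCP and the proxy only ever dials outward to the server, so it fits the outbound-only model in the message.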