Never hardcode IP addresses - use hostnames - especially if you are
passing this information back and forth or you will break address
translation. Also, both the addresses and ports should be externally configurable.
Bill

Bennett Todd wrote:
> 
> The best way to design your app, so that it can effortlessly tunnel through
> firewalls, is to rig it so it uses a simple, absolutely standard TCP
> connection to a fixed, well-known port, with the TCP connection setup
> outbound-only --- never attempt to open a connection from the server back to
> the client.
> 
> Then clearly document the port you use, and the details of the protocol, to
> assure security analysts that either (a) your protocol will not do anything
> security-sensitive, or else (b) it has adequate authentication within it.
> 
> Include a small, simple, portable proxy that could be used if admins wanted,
> that acts as a server for the protocol on one side, breaks out the protocol
> requests (i.e. parses 'em), then turns around and acts like a client,
> reassembling the protocol requests and forwarding 'em on to the server. This
> will provide further documentation for the protocol, and allow the firewall
> admin to impose any additional controls or logging they may wish.
> 
> -Bennett
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
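
A sketch of the kind of proxy described in the quoted message, combined with the externally configured hostnames and ports from the reply. This is an added example, not code from either poster. The line protocol (`VERB argument`), the `ERR` replies, the `PROXY_*` variable names and the default ports are all assumptions made for illustration.

```python
import logging, os, re, socket, socketserver

# Hypothetical line protocol (an assumption): "VERB argument\r\n", one reply line each.
REQUEST_RE = re.compile(rb"([A-Z]{1,16})(?: ([\x21-\x7e][\x20-\x7e]{0,255}))?\r?\n")
MAX_LINE = 512  # read bound; anything longer fails to parse

def load_config(env=os.environ):
    """Addresses and ports are set outside the program; hosts are names, not IPs."""
    def addr(side, port):
        return env.get(f"PROXY_{side}_HOST", "localhost"), int(env.get(f"PROXY_{side}_PORT", port))
    allowed = frozenset(env.get("PROXY_ALLOWED_VERBS", "GET,PING").split(","))
    return {"listen": addr("LISTEN", 7000), "upstream": addr("UPSTREAM", 7001), "allowed": allowed}

def parse_request(line):
    """Break one request out into (verb, argument); reject anything off-spec."""
    m = REQUEST_RE.fullmatch(line)
    if m is None:
        raise ValueError("malformed request")
    return m.group(1).decode(), (m.group(2) or b"").decode()

class ProxyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        cfg, peer = self.server.cfg, self.client_address[0]
        # Outbound-only: the proxy dials the server by name, resolved at connect time.
        with socket.create_connection(cfg["upstream"], timeout=10) as up:
            upstream = up.makefile("rb")
            for line in iter(lambda: self.rfile.readline(MAX_LINE + 1), b""):
                try:
                    verb, arg = parse_request(line)
                except ValueError:
                    self.wfile.write(b"ERR malformed\r\n")
                    return  # drop the connection on a protocol violation
                if verb not in cfg["allowed"]:
                    logging.warning("denied %s from %s", verb, peer)
                    self.wfile.write(b"ERR denied\r\n")
                    continue
                logging.info("forward %s %r from %s", verb, arg, peer)
                # Reassemble from the parsed fields; never relay the raw bytes.
                up.sendall(" ".join(filter(None, (verb, arg))).encode() + b"\r\n")
                self.wfile.write(upstream.readline(MAX_LINE + 1))

def make_proxy(cfg):
    server = socketserver.ThreadingTCPServer(cfg["listen"], ProxyHandler)
    server.cfg = cfg
    return server

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    make_proxy(load_config()).serve_forever()
```

Because the proxy forwards only what it has parsed and rebuilt, the verb allow-list and the log lines are the points where a firewall admin can add controls without touching the client or the server.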
