On Saturday 15 October 2005 11:30, Jim Campbell wrote:
> Anyone transmitting un-encrypted data across a world wide internet (as
> opposed to a "private" intranet) needs to think ahead a little. Every
> hacker will be rubbing their hands with glee before trying to hit you
> on these ports you have just announced. A server/client or even
> peer-to-peer client can implement TLS/SSL fairly easily. For those with
> restricted firewalls you can tunnel through SSH port 22 if you want to
> keep it simple. Firewall/NAT configurations are difficult enough for
> admins to configure without having to allow special FlightGear port
> rules to allow access to ports on machines in-the-clear which may then
> get hacked thus compromising the security of everyone behind the
> firewall.

You are addressing several security issues at once and suggest encryption as 
one solution to all possible threats. First we have to differentiate between 
possible security issues and provide a solution for every single issue.

A hacker who wants to threaten flightgear multiplayer users can easily read 
the source code and may find several possible bugs he can exploit, either for 
a denial of service attack or for gaining access to the remote machine or 
whatever. Encryption does not help at all, the bugs (if there are any) are 
still in the flightgear source and can be exploited. Additionally the 
encryption itself may be buggy and can lead to exploits.

In case of distributed denial of service attacks, we (either the server or a 
client) are on the wrong end anyway. There is nothing we can do about it at 
all.

The only way encryption can help is if we use any kind of authentication to 
participate in multiplayer sessions, to prevent unregistered users from joining. 
Which is something we possibly will implement if there are really a lot of 
people joining multiplayer sessions, and too many of them don't apply to any 
rules.

regards,
Oliver

_______________________________________________
Flightgear-devel mailing list
Flightgear-devel@flightgear.org
http://mail.flightgear.org/mailman/listinfo/flightgear-devel