Various people wrote and replied (including the most respected author of
diald):
>> >
>> > Then TCP monitor connections may be for you :-). Use the Windows
>> > port of tcl/tk to run dctrl and connect via TCP to diald on the
>> > Linux system.
>>
>> Hmm, the reason I never did this in the first place was that I feared
>> the security implications. At the very least you should arrange to reject
>> connections from "outside" IP addresses. I suppose you could require a
>> connection password as well...
>>
>
>I'd have to agree with Eric about the TCP/IP connection for diald
>control. This would worry me. On the boxes we send out all IP
>services are shut down except those that are absolutely required.
>I hope this thing is going to be optional, otherwise I'll have
>to rip it out.
>
>I'd rather see an optional daemon started from inetd to do the
>external control. That way the diald code doesn't have to have the
>extra security stuff, or the socket stuff for that matter. Just let
>inetd[1] handle accepting the connection and tcpd (tcp-wrappers)
>handle access control. Heck, this can be done with a shell script,
>like the connect script for incoming ppp connections.
We should keep in mind that diald is used by many different types of
people, some of who have very significant security requirements, while
others are in looser security environments. For most of the diald
installations I've set up, a TCP based control solution which would allow
(or deny) control based on the IP address of the client machine requesting
the connection would fit the bill perfectly. As a matter of fact, the most
useful part would often be the graphic display of traffic, even more than
control, since the automatic control by diald usually works great. So an
option to allow bandwidth use monitoring without control could be handy.
I'd need it to run on both Windows and Macintosh client machines. This
should be possible with a TCL/TK based application, from what I've read.
So, Mike, my web site is eagerly waiting to host a mirror of your release,
with the TCP monitor connection feature. I'd sure like to try it, and if
others don't want it, well I assume it is an option that they can disable,
right?
So, when can I get my hot little hands on it?
John
__________________________________________________________________
John Seifarth http://www.waw.be/waw/
Words & Wires SPRL [EMAIL PROTECTED]
Computer Consulting & Language Services Voice: (+) 32-2-660-3943
1160 Brussels, Belgium Fax: (+) 32-2-675-3922
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
