* Trevor Talbot ([EMAIL PROTECTED]) wrote: > There are various platform-specific security features that might be > useful, like reserved port ranges and file permissions, but they are > so specific to the scenario they're designed for that it's hard to > create a generic solution that works well by default -- especially if > you want to run without requiring administrative privileges in the > first place.
Agreed. A guarentee that the process listening on a particular port is
what you're expecting isn't something that upstream can give. It needs
to be done through some situation-specific mechanism. There are a
number of options here, of course: SSL, Kerberos, SELinux, even things
like the tiger IDS. Reserved ports really aren't all that great a
solution in the end anyway, to be honest.
Enjoy,
Stephen
signature.asc
Description: Digital signature
