Just a reminder folks that NFS is intended for "behind-a-firewall" sites; please don't connect it straight to the internet.
Cheers, Jill. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 April 2005 7:51 AM To: slug@slug.org.au Subject: Re: [SLUG] running Konqueror as non-root + lan:/ ioslave + "illegal" port assignment for NFS On Wed, Apr 06, 2005 at 12:22:26AM +1000, Jeff Waugh wrote: > You can't talk to an NFS server set up like that with any non-root > program in a safe and sensible manner. You can, however, set up the > server to accept connections from unsafe ports. This is pretty > reasonable if it's a read-only share, or you're in a trustable > environment... but it's completely unsafe in most circumstances. :-) Using a "trusted" port as a measure of security is unsafe under almost every circumstance. In effect you are trusting the physical security of the subnet plus every machine on that subnet. Suppose someone clips a laptop (or palm pilot, or wristwatch) to a spare ethernet outlet or jumps onto your wavelan... suddenly they have acess to a "trusted" port (and a "trusted" ip too). > Just add "insecure" to the nfs options list on the server. If only there was a "secure" option... *sigh* - Tel ( http://bespoke.homelinux.net ) -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html ---------------------------------------------------------------------- IMPORTANT NOTICES This email (including any documents referred to in, or attached, to this email) may contain information that is personal, confidential or the subject of copyright or other proprietary rights in favour of Aristocrat, its affiliates or third parties. This email is intended only for the named addressee. Any privacy, confidence, copyright or other proprietary rights in favour of Aristocrat, its affiliates or third parties, is not lost because this email was sent to you by mistake. If you received this email by mistake you should: (i) not copy, disclose, distribute or otherwise use it, or its contents, without the consent of Aristocrat or the owner of the relevant rights; (ii) let us know of the mistake by reply email or by telephone (+61 2 9413 6300); and (iii) delete it from your system and destroy all copies. Any personal information contained in this email must be handled in accordance with applicable privacy laws. Electronic and internet communications can be interfered with or affected by viruses and other defects. As a result, such communications may not be successfully received or, if received, may cause interference with the integrity of receiving, processing or related systems (including hardware, software and data or information on, or using, that hardware or software). Aristocrat gives no assurances in relation to these matters. If you have any doubts about the veracity or integrity of any electronic communication we appear to have sent you, please call +61 2 9413 6300 for clarification. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
