Hello, Has anybody considered security issues with wpkg?
As far as I can tell, wpkg requires the local network to be trusted. If it cannot be trusted, and the server goes off-line, then anybody could set up a fraudulent server with the same name, which serves a fraudulent copy of wpkg.js that does malicious things. As wpkg.js runs, automatically, as the system user on every Windows computer, this would be an easy way to bring all Windows computers in a company down. I conducted some tests using domain level security, but found I domains do not prevent this type of attack. Any thoughts? Thanks. -- Brian May <[EMAIL PROTECTED]> ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ wpkg-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wpkg-users
