Brian May schrieb: >>>>>> "Tomasz" == Tomasz Chmielewski <[EMAIL PROTECTED]> writes: > > Tomasz> Well, perhaps it suffices if WPKG service is started as a > Tomasz> domain user, or WPKG path uses domain user credentials. > > Tomasz> Then, Windows should take care of all security issues for > Tomasz> us - no need to reinvent anything here, if the operating > Tomasz> system already does it? > > Tomasz> And Brian - what kind of tests did you really make? > > Unfortunately not. > > I setup a Samba server, not in a domain, and configured to map any bad > password to the guest user, with the same name as a server that was in > the domain. > > The client computer was a domain member and logged into the domain. > > I ensured that the genuine server was off-line, and from the client > computer, I established a connection to the fraudulent server. > > Windows did not offer any errors or warnings that the computer I was > connecting to was fraudulent or that it was connecting as a guest user > instead of the (expected) authenticated user.
Well, so it's your setup's fault - mapping bad users/passwords is not a recommended habit... Would the same scenario work if you didn't map bad user/password to guest? -- Tomasz Chmielewski http://wpkg.org ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ wpkg-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wpkg-users
