Joerg Sommer <[EMAIL PROTECTED]> writes:
> Andrew M. Bishop <[EMAIL PROTECTED]> wrote:
> > Joerg Sommer <[EMAIL PROTECTED]> writes:
> >
> >> is it possible to bind wwwoffle-port to another interface then the http-port?
> >> So http-port can listen to an public interface and wwwoffle-port can be
> >> bound to a secure interface like localhost. This may likewise reduce the
> >> possibility of and DOS attack.
> >
> > No, there is only one option in the configuration file for the
> > interface to bind.
> >
> > I don't see much improvement in security from binding the two to
>
> AFAIK the wwwoffle-port is for controlling wwwoffle, to switch wwwoffle
> online or offline. If the wwwoffle-port is bounded to the local
> interface, only a local user could get access on it. So it's much harder
> to get control about wwwoffle. And I don't know, why this must be a tcp
> port?
Yes, you are correct about the purpose of the WWWOFFLE port. If you
use a password in the config file then there is no way to take control
of WWWOFFLE even if the port is public.
Attackers can try to connect to the WWWOFFLE port and control the
program, but unless they know the password they can only make a denial
of service (DOS) attack. They can also make a DOS attack on the HTTP
port if that is public.
> Couldn't it be a unix socket?
Yes, but then you could not access it remotely.
--
Andrew.
----------------------------------------------------------------------
Andrew M. Bishop [EMAIL PROTECTED]
http://www.gedanken.demon.co.uk/
WWWOFFLE users page:
http://www.gedanken.demon.co.uk/wwwoffle/version-2.7/user.html
