Pieter Hintjens wrote: > On Tue, Jul 27, 2010 at 5:54 PM, Pieter Hintjens <[email protected]> wrote: > >>> Wait - they can connect to our publisher: otherwise the Internet >>> wouldn't be much use from behind NAT. It's just making connections back >>> to them that's difficult. >> Of course they can connect to the publisher but there is no way for >> your application code to authenticate those connections. > > Incidentally that raises some other concerns for Internet scale use: > > - how to block IP addresses (e.g. to prevent DoS attacks) > > Martin, any idea how you'd solve that? Callbacks to application code > to allow/deny new connection requests, perhaps?
Well, I am not a security person, but I thought blocking particular IP addresses is more of an administrative task and should be done using firewall, no? Martin _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
