[wpkg-users] security issues
Tomasz Chmielewski
mangoo at wpkg.org
Tue Jun 5 12:48:30 CEST 2007
Marco Gaiarin schrieb:
> Mandi! Tomasz Chmielewski
> In chel di` si favelave...
>
>> As in 99% cases wpkg.js sits on the remote server, it is by definition
>> insecure, isn't it?
>
> It's a pint of view...
>
>> Handling security by something which is hosted on a potentially not
>> secure machine isn't the best idea - you would never know if it's your
>> or attacker's wpkg.js.
>
> Indeed ther's some different problems to take care.
>
> What i'm speaking about is a:
>
> a) an attacker have no access to the server (indeed, done that we have
> no more things to speak about... ;), no access to the clients apart
> one/two to get some knowledge on the system
>
> b) the attacker want to take control of all clients (that use WPKG, of
> course).
Well, perhaps it suffices if WPKG service is started as a domain user,
or WPKG path uses domain user credentials.
Then, Windows should take care of all security issues for us - no need
to reinvent anything here, if the operating system already does it?
And Brian - what kind of tests did you really make?
--
Tomasz Chmielewski
http://wpkg.org
wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users
More information about the wpkg-users
mailing list