[wpkg-users] security issues
Brian May
bam at snoopy.apana.org.au
Thu Jun 7 06:36:18 CEST 2007
>>>>> "Marco" == Marco Gaiarin <gaio at sv.lnf.it> writes:
Marco> I'm a bit lost in this thread, but, for completeness, to
Marco> have samba use the guest access you have to:
Yes. But how do you know you are talking to the genuine server, and
not a fake server that somebody set up containing a copy of wpkg.js
that deletes your hard disks?
Even if active directory solves this (I haven't been able to check
this), or if domains solve this (as far as I can tell they don't, but
I might have to talk to Samba people to confirm this), there is no
mechanism to solve this issue for workgroups, and I seem to remember
using wpkg within workgroups is a supported configuration.
In fact, the fake server doesn't have to even be on your local
network, if you use a WINS server (recommended), all you need is for a
remote box to trick a WINS server to serve its IP address - although
hopefully if you have any sense you want allow remote machines to
access your internal network resources...
--
Brian May <bam at snoopy.apana.org.au>
wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users
More information about the wpkg-users
mailing list