[wpkg-users] security issues

Tomasz Chmielewski mangoo at wpkg.org
Tue Jun 5 11:00:39 CEST 2007


Marco Gaiarin schrieb:
> Mandi! Tomasz Chmielewski
>   In chel di` si favelave...
> 
>> Before we start we have to assume one thing: the whole "security" can't 
>> be handled by wpkg.js itself, it has to be made by the WPKG 
>> Client/Installer.
> 
> Clearly can be better, but solutions proposed i think that can be used
> also with plain wpkg.js... they does not involve more server/client
> comunication then current one...

As in 99% cases wpkg.js sits on the remote server, it is by definition 
insecure, isn't it?
Handling security by something which is hosted on a potentially not 
secure machine isn't the best idea - you would never know if it's your 
or attacker's wpkg.js.


>> On the other hand, probably there are some people using WPKG without a 
>> domain; just in a workgroup, and it would be harder for them to add such 
>> security feature.
> 
> Exactly this. I Admit that i'm a bit lazy in my domain to use guest
> access to WPKG and %SOFTWARE% shares, but indeed a 'minimal'
> client/server authentication have to be implemented.

OK, but how? :)


-- 
Tomasz Chmielewski
http://wpkg.org


wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users



More information about the wpkg-users mailing list