richard offer wrote: > 80 is the convention for http, 443 for https (http over SSL/TLS). > > But your argument stands, neither service requires system privileges to run > (apart from opening that initial port). Yes they do. When I connect to the HTTP service for a machine, I want assurance that I'm talking to THE web server, not just some web server that one of the user's set up. For the HTTPS service, the certificate assures that, but for HTTP, the fact that it is bound to port 80 is all the assurance that I have. It was mentioned here that Windows does not observe this convention: that's because Windows was never designed to be a multi-user operating system. This is among many other limitations of Windows resulting from the assumption that the machine will have one user, and that user will have access to the physical keyboard and screen. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 08:49:22 PDT