Just remember that there are at least 3 ways to reference a local host: 127.0.0.1 localhost machinename These methods have different security implications. >From: Craig Minton <CraigSecurityat_private> >Reply-To: CraigSecurityat_private >To: secprogat_private >Subject: Trusting localhost? >Date: Wed, 23 Jul 2003 14:16:13 -0700 (PDT) > >If you are creating an application that communicates using TCP, but only >want to take requests from the localhost, are there reasons why you would >not want to check that the incoming request is from localhost and then >trust it? This is in a Windows environment. Would IP spoofing work if the >application was checking for the IP address 127.0.0.1? If so, how likely >is it that IP spoofing would work today, in a corporate environment? > >Thank you for any direction you can provide. > >_____________________________________________________________ >Fight the power! BlazeMail.com _________________________________________________________________ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 11:18:04 PDT