Hi,
I wouldnt use machinename as a reference to lochost
as a lookup by machine name returns the routable IP
address of the machine and involves talking to a
DNS server.
-mtl
--------------------------------------------------
Michael Lapinski
Computer Scientist
GE Research
"I think there is a world market for maybe five computers."
- IBM Chairman Thomas Watson, 1943
->-----Original Message-----
->From: Gerard Vignes [mailto:gerardmarshallvignesat_private]
->Sent: Monday, July 28, 2003 2:16 PM
->To: secprogat_private
->Subject: Re: Trusting localhost?
->
->
->Just remember that there are at least 3 ways to reference a
->local host:
-> 127.0.0.1
-> localhost
-> machinename
->These methods have different security implications.
->
->>From: Craig Minton <CraigSecurityat_private>
->>Reply-To: CraigSecurityat_private
->>To: secprogat_private
->>Subject: Trusting localhost?
->>Date: Wed, 23 Jul 2003 14:16:13 -0700 (PDT)
->>
->>If you are creating an application that communicates using
->TCP, but only
->>want to take requests from the localhost, are there reasons
->why you would
->>not want to check that the incoming request is from
->localhost and then
->>trust it? This is in a Windows environment. Would IP
->spoofing work if the
->>application was checking for the IP address 127.0.0.1? If
->so, how likely
->>is it that IP spoofing would work today, in a corporate environment?
->>
->>Thank you for any direction you can provide.
->>
->>_____________________________________________________________
->>Fight the power! BlazeMail.com
->
->_________________________________________________________________
->Tired of spam? Get advanced junk mail protection with MSN 8.
->http://join.msn.com/?page=features/junkmail
->
This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 11:29:22 PDT