[Mono-list] Security Madness

Tom Larsen tomar@apricot.com
Wed, 19 Jan 2005 12:31:53 -0800 (PST)

Previous message: [Mono-list] Security Madness
Next message: [Mono-list] Server.Transfer and Response.Redirect crashes XSP on Windows - Take 2
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 19 Jan 2005, Matthew Metnetsky wrote:

> On Wed, 2005-01-19 at 09:43 -0800, Tom Larsen wrote:
>> Instead of working to confuse how the assembly runs, you should work
>> towards making the machine that runs it secured.
>
> As the application is distributed, I'm not sure how to secure X client
> machines.  However, I certainly agree with you if we could.  Any ideas?
> And yes, all communication from within the assembly is encrypted.

ssh can easily be made to transport the X network protocol.  However this 
has little to do with mono or .Net.

As I was trying to stress before, knowing or inspecing the authentication 
code should not weaken the system.  I'm having a hard time imagining 
a system where knowing the way the client side authentication code
threatens security.  Security is often breached from the client side
because other aspects fail (ie. easy passwords, lost passwords, etc.).

> ~ Matthew

Tom Larsen

Previous message: [Mono-list] Security Madness
Next message: [Mono-list] Server.Transfer and Response.Redirect crashes XSP on Windows - Take 2
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]