[Eric_Jacobs@fc.mcps.k12.md.us (Eric Jacobs) writes:]
>I see no one's answered, so I'll give it a try...
I didn't answer because each time we get a query like this and I answer, the
person goes away. So I thought I'd let somebody else try "first contact". :->
>VSTa is definitely in need of a good SVGA graphics module that could
>handle stuff like bitmaps, clipping, etc.
Also blit! Especially as connected to the bitblit support of the various
graphics chips.
>The problem is that that number is a public server number. Any process
>can open that "//####" and connect to telnetd. A user could write a
>process that hides in the background poking around at port numbers,
>trying to run a fake login process that will record passwords. Etc.
Since all connections are authenticated, I don't see the problem. You
always know the identity of the connecting process.
Even if you didn't want to depend on that, you could generate a 128-bit
number which the connector had to supply before their connection would be
accepted and used.
>The traditional ACL way of solving this, of course, is to require that
>the client who opens "//####" has sys privileges, or whatever. That
>certainly would work, but it doesn't sit well with me for two reasons:
>first, it's not really the VSTa philsophy.
Right. Instead, VSTa tries to preserve the identity (i.e., mechanism)
while leaving policy to the server. I think there's enough mechanism
available to solve this problem.
Andy Valencia
Received on Mon Aug 9 06:45:19 1999
This archive was generated by hypermail 2.1.8 : Thu Sep 22 2005 - 15:12:56 PDT