Your suggestion to bind 127.0.0.1 is an easy and complete solution for limiting access to localhost and this provides real security. This, along with other measures will be in the next beta.
For now, users who don't have a firewall that prevents port sniffing from outside a trusted network should make the following change: file: ~system\extras\util\jhs\core.ijs NB. bind '' allows any user and '127.0.0.1' restricts to localhost NB. sdcheck sdbind SKLISTEN;AF_INET;'';PORT sdcheck sdbind SKLISTEN;AF_INET;'127.0.0.1';PORT On Tue, Mar 23, 2010 at 8:01 PM, Raul Miller <[email protected]> wrote: > On Tue, Mar 23, 2010 at 7:17 PM, Eric Iverson <[email protected]> > wrote: > > You are quite right to be concerned about security. This is an issue that > > has been ignored to date, but will be important to address in the near > > future. I'm hoping that users who have more familiarity with this area > than > > I do will make contributions. > > > > When you start the jhs task it is listening on port 50000. This means > that > > anybody who knows your IP address AND connects to port 50000 AND knows J > has > > nasty access to your machine. This is not good in the long term and > perhaps > > not even good in the short term. > > > > This can be convenient if you want access between machines on your local > > network. But could be a serious security problem. > > Yes, as it currently stands, this is horrid security. > > If you bind on the address 127.0.0.1 then outsiders > can not get to it. > > FYI, > > -- > Raul > ---------------------------------------------------------------------- > For information about J forums see http://www.jsoftware.com/forums.htm > ---------------------------------------------------------------------- For information about J forums see http://www.jsoftware.com/forums.htm
