On Wed, Aug 5, 2009 at 2:41 PM, Sai Pullabhotla<sai.pullabho...@jmethods.com> wrote: > I also have another question around the same code...Should we be > checking the remote address and make sure it matches with the IP > address of the remote host on the control connection. If we do not do > this check, it is possible for a hacker to connect to this port before > the original client and may gain access to the data? I know it is not > very easy to do this, but just in case. What do you think?
I think this makes sense. We already do the logically same for active connections. Probably only should apply this to the 1.1.X (trunk) code, right? /niklas