On Wed, Aug 5, 2009 at 2:41 PM, Sai
Pullabhotla<sai.pullabho...@jmethods.com> wrote:
> I also have another question around the same code...Should we be
> checking the remote address and make sure it matches with the IP
> address of the remote host on the control connection. If we do not do
> this check, it is possible for a hacker to connect to this port before
> the original client and may gain access to the data? I know it is not
> very easy to do this, but just in case. What do you think?

I think this makes sense. We already do the logically same for active
connections. Probably only should apply this to the 1.1.X (trunk)
code, right?


Reply via email to