* Colin Davis <Colin at sq7.org> [2006-06-01 03:57:27]: > In looking at SinnerG's automatic reference adding script, it occurs to > me that there is a threat in the combination of the darknet and > automatically running on port 8888... > > Couldn't a internet website utilize Javascript to connect to > localhost:8888 of each user (utilizing an iframe or such). > > In doing so, they can connect to, and gather information on, every > freenet user who visits their site... > > Tey could harvest everyone's network connections (building a map of the > network), as well as change configuration options, or disconnect nodes. > > This seems like a somewhat signifigant problem.. Thoughts? > > -Colin
We can't prevent people from their own stupidity :) Of course it's feasible : Your node should be sandboxed and NOT accessible when you're browsing the "normal" internet. that's all :P The easiest way to "prevent" such harmfull behaviour would be to have some kind of authorization scheme when doing "potential" harmfull operations ... that would preclude any kind of automation... And according to Ian, that's not a goal we should try to achieve ;) NextGen$ (Convinced too that the reference auto-adder is EVIL!) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060601/805ec046/attachment.pgp>
