On Thu, Apr 3, 2008 at 4:49 PM, Jan Just Keijser <[EMAIL PROTECTED]> wrote: > This does raise another interesting question: how session safe is > pcsc-lite? Right now, all comms are over a single socket /var/run/pcscd.comm > - how is access control to this socket implemented? Otherwise I could > envisage a very simple DoS : if more than 1 person is allowed to log onto a > computer then each person can access the socket and try to access a > token/smart card until it locks up (most cards will block after N attempts). > How can a user be protected from this?
This is a FAQ. But I could not find the similar thread on the MUSCLE list. As you wrote all communications are over a single socket /var/run/pcscd.comm. So you just need to use the Unix security mechanism to restrict the access to this file to users allowed to use the smart card (create a group smartcard for example). This security configuration is left to the local system administrator. Bye -- Dr. Ludovic Rousseau _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
